|
pkg:alpm/archlinux/389-ds-base@1.4.4.4-5
|
alpm
|
archlinux
|
389-ds-base
|
1.4.4.4-5
|
|
|
true
|
2.0.2-1
|
2.0.7-1
|
| 0 |
| url |
VCID-pexr-smr8-gbhh |
| vulnerability_id |
VCID-pexr-smr8-gbhh |
| summary |
389-ds-base: information disclosure during the binding of a DN |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35518 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74018 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74148 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.7414 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74149 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74024 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.7405 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74021 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74055 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.7407 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74073 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74066 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74105 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74114 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35518 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35518
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pexr-smr8-gbhh |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@1.4.4.4-5
|
|
|
pkg:alpm/archlinux/389-ds-base@2.0.2-1
|
alpm
|
archlinux
|
389-ds-base
|
2.0.2-1
|
|
|
false
|
2.0.7-1
|
2.0.7-1
|
|
| 0 |
| url |
VCID-pexr-smr8-gbhh |
| vulnerability_id |
VCID-pexr-smr8-gbhh |
| summary |
389-ds-base: information disclosure during the binding of a DN |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35518 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74018 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74148 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.7414 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74149 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74024 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.7405 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74021 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74055 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.7407 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74073 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74066 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74105 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00801 |
| scoring_system |
epss |
| scoring_elements |
0.74114 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35518 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35518
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pexr-smr8-gbhh |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1
|
|
|
pkg:alpm/archlinux/389-ds-base@2.0.3-2
|
alpm
|
archlinux
|
389-ds-base
|
2.0.3-2
|
|
|
true
|
2.0.7-1
|
2.0.7-1
|
| 0 |
| url |
VCID-4tn2-her5-6fe1 |
| vulnerability_id |
VCID-4tn2-her5-6fe1 |
| summary |
389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3514 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56838 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56991 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56972 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56948 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56977 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56974 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56951 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56932 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56954 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5693 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56981 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56984 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.00352 |
| scoring_system |
epss |
| scoring_elements |
0.5762 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00352 |
| scoring_system |
epss |
| scoring_elements |
0.57639 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.0037 |
| scoring_system |
epss |
| scoring_elements |
0.58874 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3514 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3514
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tn2-her5-6fe1 |
|
| 1 |
| url |
VCID-knxk-357y-efhh |
| vulnerability_id |
VCID-knxk-357y-efhh |
| summary |
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3652 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30099 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30007 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30022 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30002 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29958 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29885 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29771 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29999 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30059 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30095 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30056 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30566 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00138 |
| scoring_system |
epss |
| scoring_elements |
0.3368 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.00138 |
| scoring_system |
epss |
| scoring_elements |
0.33713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.00138 |
| scoring_system |
epss |
| scoring_elements |
0.33528 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3652 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3652
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knxk-357y-efhh |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.3-2
|
|
|
pkg:alpm/archlinux/389-ds-base@2.0.7-1
|
alpm
|
archlinux
|
389-ds-base
|
2.0.7-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-4tn2-her5-6fe1 |
| vulnerability_id |
VCID-4tn2-her5-6fe1 |
| summary |
389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3514 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56838 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56991 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56972 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56948 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56977 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56974 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56951 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56932 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56954 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5693 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56981 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56984 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.00352 |
| scoring_system |
epss |
| scoring_elements |
0.5762 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00352 |
| scoring_system |
epss |
| scoring_elements |
0.57639 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.0037 |
| scoring_system |
epss |
| scoring_elements |
0.58874 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3514 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3514
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tn2-her5-6fe1 |
|
| 1 |
| url |
VCID-knxk-357y-efhh |
| vulnerability_id |
VCID-knxk-357y-efhh |
| summary |
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3652 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30099 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30007 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30022 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30002 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29958 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29885 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29771 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29999 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30059 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30095 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30056 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30566 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00138 |
| scoring_system |
epss |
| scoring_elements |
0.3368 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.00138 |
| scoring_system |
epss |
| scoring_elements |
0.33713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.00138 |
| scoring_system |
epss |
| scoring_elements |
0.33528 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3652 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3652
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knxk-357y-efhh |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1
|
|
|
pkg:alpm/archlinux/a2ps@4.14-8
|
alpm
|
archlinux
|
a2ps
|
4.14-8
|
|
|
true
|
4.14-9
|
4.14-9
|
| 0 |
| url |
VCID-436p-4bjx-7khu |
| vulnerability_id |
VCID-436p-4bjx-7khu |
| summary |
a2ps: output_file() format string flaw |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8107 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82766 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82728 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82751 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.8276 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82618 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82635 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82649 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82645 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82671 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82678 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.8269 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82686 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82724 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82725 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8107 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8107
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-436p-4bjx-7khu |
|
| 1 |
| url |
VCID-jyey-2ny4-akeh |
| vulnerability_id |
VCID-jyey-2ny4-akeh |
| summary |
A vulnerability in a2ps' fixps script might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0466 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56816 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56761 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56856 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56878 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56854 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56905 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56909 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56897 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56874 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56903 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.569 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56817 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56834 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0466 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-0466
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jyey-2ny4-akeh |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-8
|
|
|
pkg:alpm/archlinux/a2ps@4.14-9
|
alpm
|
archlinux
|
a2ps
|
4.14-9
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-436p-4bjx-7khu |
| vulnerability_id |
VCID-436p-4bjx-7khu |
| summary |
a2ps: output_file() format string flaw |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8107 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82766 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82728 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82751 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.8276 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82618 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82635 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82649 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82645 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82671 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82678 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.8269 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82686 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82724 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.01778 |
| scoring_system |
epss |
| scoring_elements |
0.82725 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8107 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8107
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-436p-4bjx-7khu |
|
| 1 |
| url |
VCID-jyey-2ny4-akeh |
| vulnerability_id |
VCID-jyey-2ny4-akeh |
| summary |
A vulnerability in a2ps' fixps script might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0466 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56816 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56761 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56856 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56878 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56854 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56905 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56909 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56897 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56874 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56903 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.569 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56817 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00342 |
| scoring_system |
epss |
| scoring_elements |
0.56834 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0466 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-0466
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jyey-2ny4-akeh |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9
|
|
|
pkg:alpm/archlinux/ansible@2.2.0.0-1
|
alpm
|
archlinux
|
ansible
|
2.2.0.0-1
|
|
|
true
|
2.2.1.0rc5-3
|
2.10.7-1
|
| 0 |
| url |
VCID-yc8n-wxb4-1uaz |
| vulnerability_id |
VCID-yc8n-wxb4-1uaz |
| summary |
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9587 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86714 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86697 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86723 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88561 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88545 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88527 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88523 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88506 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88499 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88554 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88567 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88563 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.8855 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9587 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-m956-frf4-m2wr |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-m956-frf4-m2wr |
|
| 11 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://www.exploit-db.com/exploits/41013 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/41013 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-9587 |
| reference_id |
CVE-2016-9587 |
| reference_type |
|
| scores |
| 0 |
| value |
9.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-9587 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9587, GHSA-m956-frf4-m2wr, PYSEC-2018-39
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz |
|
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.0.0-1
|
|
|
pkg:alpm/archlinux/ansible@2.2.1.0rc5-3
|
alpm
|
archlinux
|
ansible
|
2.2.1.0rc5-3
|
|
|
false
|
2.10.7-1
|
2.10.7-1
|
|
| 0 |
| url |
VCID-yc8n-wxb4-1uaz |
| vulnerability_id |
VCID-yc8n-wxb4-1uaz |
| summary |
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9587 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86714 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86697 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86723 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88561 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88545 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88527 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88523 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88506 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88499 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88554 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88567 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.88563 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.04078 |
| scoring_system |
epss |
| scoring_elements |
0.8855 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9587 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-m956-frf4-m2wr |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-m956-frf4-m2wr |
|
| 11 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://www.exploit-db.com/exploits/41013 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/41013 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-9587 |
| reference_id |
CVE-2016-9587 |
| reference_type |
|
| scores |
| 0 |
| value |
9.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-9587 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9587, GHSA-m956-frf4-m2wr, PYSEC-2018-39
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3
|
|
|
pkg:alpm/archlinux/ansible@2.10.5-1
|
alpm
|
archlinux
|
ansible
|
2.10.5-1
|
|
|
true
|
2.10.7-1
|
2.10.7-1
|
| 0 |
| url |
VCID-atun-stks-4kcb |
| vulnerability_id |
VCID-atun-stks-4kcb |
| summary |
Insertion of Sensitive Information into Log File
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20180 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11105 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11355 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11412 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11204 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11345 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11312 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11284 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11147 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11149 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11275 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11214 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11171 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20180 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-20180, GHSA-fh5v-5f35-2rv2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb |
|
| 1 |
| url |
VCID-fj2p-7wkh-1fhq |
| vulnerability_id |
VCID-fj2p-7wkh-1fhq |
| summary |
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20178 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.0786 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.07893 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.07933 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.0783 |
| published_at |
2026-04-29T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13498 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13411 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13294 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13388 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13435 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13471 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13448 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13367 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13571 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.1351 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20178 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq |
|
| 2 |
| url |
VCID-xw8r-fn6y-mbhp |
| vulnerability_id |
VCID-xw8r-fn6y-mbhp |
| summary |
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20191 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06584 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06588 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06568 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06553 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1121 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11131 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11315 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11108 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11089 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1108 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11217 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11243 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11277 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11266 |
| published_at |
2026-04-09T12:55:00Z |
|
| 14 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11255 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20191 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.5-1
|
|
|
pkg:alpm/archlinux/ansible@2.10.7-1
|
alpm
|
archlinux
|
ansible
|
2.10.7-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-atun-stks-4kcb |
| vulnerability_id |
VCID-atun-stks-4kcb |
| summary |
Insertion of Sensitive Information into Log File
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20180 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11105 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11355 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11412 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11204 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11345 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11312 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11284 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11147 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11149 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11275 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11214 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11171 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20180 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-20180, GHSA-fh5v-5f35-2rv2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb |
|
| 1 |
| url |
VCID-fj2p-7wkh-1fhq |
| vulnerability_id |
VCID-fj2p-7wkh-1fhq |
| summary |
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20178 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.0786 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.07893 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.07933 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.0783 |
| published_at |
2026-04-29T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13498 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13411 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13294 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13388 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13435 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13471 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13448 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13367 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13571 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.1351 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20178 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq |
|
| 2 |
| url |
VCID-xw8r-fn6y-mbhp |
| vulnerability_id |
VCID-xw8r-fn6y-mbhp |
| summary |
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20191 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06584 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06588 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06568 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06553 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1121 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11131 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11315 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11108 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11089 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1108 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11217 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11243 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11277 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11266 |
| published_at |
2026-04-09T12:55:00Z |
|
| 14 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11255 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20191 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1
|
|
|
pkg:alpm/archlinux/ansible@3.1.0-1
|
alpm
|
archlinux
|
ansible
|
3.1.0-1
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-rsry-fw45-9yev |
| vulnerability_id |
VCID-rsry-fw45-9yev |
| summary |
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3447 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21842 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21677 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21693 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21686 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22007 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22059 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21824 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21899 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21955 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21967 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21926 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.2187 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21872 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21879 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.2184 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3447 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3447, PYSEC-2021-107
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rsry-fw45-9yev |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@3.1.0-1
|
|
|
pkg:alpm/archlinux/ansible@4.0.0-1
|
alpm
|
archlinux
|
ansible
|
4.0.0-1
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-4yvf-k192-9fca |
| vulnerability_id |
VCID-4yvf-k192-9fca |
| summary |
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-3533, PYSEC-2021-126
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvf-k192-9fca |
|
| 1 |
| url |
VCID-vhv1-9ypf-1bd7 |
| vulnerability_id |
VCID-vhv1-9ypf-1bd7 |
| summary |
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-3532, PYSEC-2021-125
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vhv1-9ypf-1bd7 |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@4.0.0-1
|
|
|
pkg:alpm/archlinux/ansible-core@2.11.2-1
|
alpm
|
archlinux
|
ansible-core
|
2.11.2-1
|
|
|
true
|
2.11.3-1
|
2.11.3-1
|
| 0 |
| url |
VCID-axc3-wcsk-q3eg |
| vulnerability_id |
VCID-axc3-wcsk-q3eg |
| summary |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3583 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.50994 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51033 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51026 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51077 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54927 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5489 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54913 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54931 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54919 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5492 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5487 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54901 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54875 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54804 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3583 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.2-1
|
|
|
pkg:alpm/archlinux/ansible-core@2.11.3-1
|
alpm
|
archlinux
|
ansible-core
|
2.11.3-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-axc3-wcsk-q3eg |
| vulnerability_id |
VCID-axc3-wcsk-q3eg |
| summary |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3583 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.50994 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51033 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51026 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51077 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54927 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5489 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54913 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54931 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54919 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5492 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5487 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54901 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54875 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54804 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3583 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1
|
|
|
pkg:alpm/archlinux/ansible-core@2.12.1-1
|
alpm
|
archlinux
|
ansible-core
|
2.12.1-1
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-65k9-7a9y-cuaw |
| vulnerability_id |
VCID-65k9-7a9y-cuaw |
| summary |
ansible: Secrets leakage vulnerability with ansible collections and ansible galaxy |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3681 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13156 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1302 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13147 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13118 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13265 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1333 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13128 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13209 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1326 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13229 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13192 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1314 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13043 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13045 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13141 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3681 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3681
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-65k9-7a9y-cuaw |
|
| 1 |
| url |
VCID-geaa-6dxx-tbcw |
| vulnerability_id |
VCID-geaa-6dxx-tbcw |
| summary |
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3620 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52468 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52508 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52514 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52499 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52446 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52456 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52418 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52364 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.525 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52484 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52455 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52437 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52409 |
| published_at |
2026-04-02T12:55:00Z |
|
| 14 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52449 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3620 |
|
| 8 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=1975767 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=1975767 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/advisories/GHSA-4r65-35qq-ch8j |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-4r65-35qq-ch8j |
|
| 12 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3620, GHSA-4r65-35qq-ch8j, PYSEC-2022-164
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-geaa-6dxx-tbcw |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.12.1-1
|
|
|
pkg:alpm/archlinux/ant@1.10.7-1
|
alpm
|
archlinux
|
ant
|
1.10.7-1
|
|
|
true
|
1.10.9-1
|
1.10.11-1
|
| 0 |
| url |
VCID-53z5-f3xj-z7bf |
| vulnerability_id |
VCID-53z5-f3xj-z7bf |
| summary |
Sensitive Data Exposure in Apache Ant
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1945 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04957 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04955 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04974 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04921 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04918 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04936 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05467 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05501 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05432 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1092 |
| published_at |
2026-04-29T12:55:00Z |
|
| 10 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11031 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11085 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.10947 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.10935 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.10986 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1945 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1945, GHSA-4p6w-m9wc-c9c9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.7-1
|
|
|
pkg:alpm/archlinux/ant@1.10.8-1
|
alpm
|
archlinux
|
ant
|
1.10.8-1
|
|
|
true
|
1.10.9-1
|
1.10.11-1
|
| 0 |
| url |
VCID-unby-h128-v3bk |
| vulnerability_id |
VCID-unby-h128-v3bk |
| summary |
Code injection in Apache Ant
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11979 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78145 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78138 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78105 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78111 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78112 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78077 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78081 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78158 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78098 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78194 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78238 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78186 |
| published_at |
2026-04-01T12:55:00Z |
|
| 13 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78224 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78233 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11979 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-11979, GHSA-f62v-xpxf-3v68, GHSA-j45w-qrgf-25vm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk |
|
|
| 0 |
| url |
VCID-53z5-f3xj-z7bf |
| vulnerability_id |
VCID-53z5-f3xj-z7bf |
| summary |
Sensitive Data Exposure in Apache Ant
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1945 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04957 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04955 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04974 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04921 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04918 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04936 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05467 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05501 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05432 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1092 |
| published_at |
2026-04-29T12:55:00Z |
|
| 10 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11031 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11085 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.10947 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.10935 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.10986 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1945 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1945, GHSA-4p6w-m9wc-c9c9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf |
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1
|
|
|
pkg:alpm/archlinux/ant@1.10.9-1
|
alpm
|
archlinux
|
ant
|
1.10.9-1
|
|
|
false
|
1.10.11-1
|
1.10.11-1
|
|
| 0 |
| url |
VCID-unby-h128-v3bk |
| vulnerability_id |
VCID-unby-h128-v3bk |
| summary |
Code injection in Apache Ant
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11979 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78145 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78138 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78105 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78111 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78112 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78077 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78081 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78158 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.01104 |
| scoring_system |
epss |
| scoring_elements |
0.78098 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78194 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78238 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78186 |
| published_at |
2026-04-01T12:55:00Z |
|
| 13 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78224 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78233 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11979 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-11979, GHSA-f62v-xpxf-3v68, GHSA-j45w-qrgf-25vm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1
|
|
|
pkg:alpm/archlinux/ant@1.10.10-1
|
alpm
|
archlinux
|
ant
|
1.10.10-1
|
|
|
true
|
1.10.11-1
|
1.10.11-1
|
| 0 |
| url |
VCID-2a6z-dfqf-5ycb |
| vulnerability_id |
VCID-2a6z-dfqf-5ycb |
| summary |
Uncontrolled Resource Consumption
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36373 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24279 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24348 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.2433 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24287 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24221 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24438 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24406 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28259 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28248 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28306 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.27917 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28195 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28108 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.27996 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36373 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36373, GHSA-q5r4-cfpx-h6fh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6z-dfqf-5ycb |
|
| 1 |
| url |
VCID-6uzy-57uy-zkfw |
| vulnerability_id |
VCID-6uzy-57uy-zkfw |
| summary |
Uncontrolled Resource Consumption
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36374 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29966 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29884 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29876 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.2984 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29875 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29778 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29919 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.3421 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33804 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33826 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34245 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34232 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34198 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33717 |
| published_at |
2026-04-29T12:55:00Z |
|
| 14 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34234 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36374 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36374, GHSA-5v34-g2px-j4fw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzy-57uy-zkfw |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.10-1
|
|
|
pkg:alpm/archlinux/ant@1.10.11-1
|
alpm
|
archlinux
|
ant
|
1.10.11-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-2a6z-dfqf-5ycb |
| vulnerability_id |
VCID-2a6z-dfqf-5ycb |
| summary |
Uncontrolled Resource Consumption
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36373 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24279 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24348 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.2433 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24287 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24221 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24438 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24406 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28259 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28248 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28306 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.27917 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28195 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.28108 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00103 |
| scoring_system |
epss |
| scoring_elements |
0.27996 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36373 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36373, GHSA-q5r4-cfpx-h6fh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6z-dfqf-5ycb |
|
| 1 |
| url |
VCID-6uzy-57uy-zkfw |
| vulnerability_id |
VCID-6uzy-57uy-zkfw |
| summary |
Uncontrolled Resource Consumption
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36374 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29966 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29884 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29876 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.2984 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29875 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29778 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00113 |
| scoring_system |
epss |
| scoring_elements |
0.29919 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.3421 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33804 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33826 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34245 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34232 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34198 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.33717 |
| published_at |
2026-04-29T12:55:00Z |
|
| 14 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34234 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36374 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36374, GHSA-5v34-g2px-j4fw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzy-57uy-zkfw |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1
|
|
|
pkg:alpm/archlinux/aom@3.0.0-2
|
alpm
|
archlinux
|
aom
|
3.0.0-2
|
|
|
true
|
3.1.0-1
|
3.2.0-1
|
| 0 |
| url |
VCID-42kw-yczz-q7f9 |
| vulnerability_id |
VCID-42kw-yczz-q7f9 |
| summary |
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30474 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38195 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38287 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38496 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38632 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38656 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38519 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.3857 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38578 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38589 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.3855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38524 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38572 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.3847 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38312 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30474 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30474
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42kw-yczz-q7f9 |
|
| 1 |
| url |
VCID-ytsf-k9ep-17h3 |
| vulnerability_id |
VCID-ytsf-k9ep-17h3 |
| summary |
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.4796 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48012 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47949 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47988 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48009 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47958 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48011 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48005 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48029 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48006 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48017 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48069 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48064 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.4802 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48001 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30473 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30473
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytsf-k9ep-17h3 |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.0.0-2
|
|
|
pkg:alpm/archlinux/aom@3.1.0-1
|
alpm
|
archlinux
|
aom
|
3.1.0-1
|
|
|
false
|
3.2.0-1
|
3.2.0-1
|
|
| 0 |
| url |
VCID-42kw-yczz-q7f9 |
| vulnerability_id |
VCID-42kw-yczz-q7f9 |
| summary |
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30474 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38195 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38287 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38496 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38632 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38656 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38519 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.3857 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38578 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38589 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.3855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38524 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38572 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.3847 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00172 |
| scoring_system |
epss |
| scoring_elements |
0.38312 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30474 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30474
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42kw-yczz-q7f9 |
|
| 1 |
| url |
VCID-ytsf-k9ep-17h3 |
| vulnerability_id |
VCID-ytsf-k9ep-17h3 |
| summary |
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.4796 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48012 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47949 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47988 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48009 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47958 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48011 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48005 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48029 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48006 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48017 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48069 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48064 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.4802 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.48001 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30473 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30473
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytsf-k9ep-17h3 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1
|
|
|
pkg:alpm/archlinux/aom@3.1.3-2
|
alpm
|
archlinux
|
aom
|
3.1.3-2
|
|
|
true
|
3.2.0-1
|
3.2.0-1
|
| 0 |
| url |
VCID-ed5k-acd1-27hn |
| vulnerability_id |
VCID-ed5k-acd1-27hn |
| summary |
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30475 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.436 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43681 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43715 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4377 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43794 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43727 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43781 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43769 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43753 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43814 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43806 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43739 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43677 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30475 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30475
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5k-acd1-27hn |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.3-2
|
|
|
pkg:alpm/archlinux/aom@3.2.0-1
|
alpm
|
archlinux
|
aom
|
3.2.0-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-ed5k-acd1-27hn |
| vulnerability_id |
VCID-ed5k-acd1-27hn |
| summary |
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30475 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.436 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43681 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43715 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4377 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43794 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43727 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43781 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43769 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43753 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43814 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43806 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43739 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43677 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30475 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30475
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5k-acd1-27hn |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1
|
|
|
pkg:alpm/archlinux/apache@2.4.25-3
|
alpm
|
archlinux
|
apache
|
2.4.25-3
|
|
|
true
|
2.4.26-1
|
2.4.55-1
|
| 0 |
| url |
VCID-1189-ej89-hybs |
| vulnerability_id |
VCID-1189-ej89-hybs |
| summary |
mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3169 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.30773 |
| scoring_system |
epss |
| scoring_elements |
0.96744 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96886 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96887 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96889 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96879 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96883 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96995 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96996 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96992 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96968 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96976 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.9698 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96982 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96991 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96994 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3169 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3169
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs |
|
| 1 |
| url |
VCID-fyrq-yg2u-jkc7 |
| vulnerability_id |
VCID-fyrq-yg2u-jkc7 |
| summary |
mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7679 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96674 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96672 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96677 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96661 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96668 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96676 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96738 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96715 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96725 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96726 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.9673 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96739 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96742 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7679 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7679
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7 |
|
| 2 |
| url |
VCID-qayj-kts9-3fde |
| vulnerability_id |
VCID-qayj-kts9-3fde |
| summary |
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3167 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92879 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92885 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92888 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92873 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92874 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92883 |
| published_at |
2026-04-29T12:55:00Z |
|
| 6 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.9319 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93191 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93187 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93172 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93176 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93174 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93183 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93192 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3167 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3167
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde |
|
| 3 |
| url |
VCID-twj7-4qwm-2khv |
| vulnerability_id |
VCID-twj7-4qwm-2khv |
| summary |
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7668 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.98472 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.98476 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.9847 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.98471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98523 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98524 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98527 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98529 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98519 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.9853 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98521 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.67269 |
| scoring_system |
epss |
| scoring_elements |
0.98573 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7668 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7668
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv |
|
| 4 |
| url |
VCID-wshe-gf99-tbg6 |
| vulnerability_id |
VCID-wshe-gf99-tbg6 |
| summary |
A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7659 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97251 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97244 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97246 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97249 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97248 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97213 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97219 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.9722 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.9723 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97231 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97234 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97235 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7659 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7659
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6 |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.25-3
|
|
|
pkg:alpm/archlinux/apache@2.4.26-1
|
alpm
|
archlinux
|
apache
|
2.4.26-1
|
|
|
false
|
2.4.27-2
|
2.4.55-1
|
|
| 0 |
| url |
VCID-1189-ej89-hybs |
| vulnerability_id |
VCID-1189-ej89-hybs |
| summary |
mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3169 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.30773 |
| scoring_system |
epss |
| scoring_elements |
0.96744 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96886 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96887 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96889 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96879 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.32699 |
| scoring_system |
epss |
| scoring_elements |
0.96883 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96995 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96996 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96992 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96968 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96976 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.9698 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96982 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96991 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.34517 |
| scoring_system |
epss |
| scoring_elements |
0.96994 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3169 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3169
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs |
|
| 1 |
| url |
VCID-fyrq-yg2u-jkc7 |
| vulnerability_id |
VCID-fyrq-yg2u-jkc7 |
| summary |
mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7679 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96674 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96672 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96677 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96661 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96668 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.30062 |
| scoring_system |
epss |
| scoring_elements |
0.96676 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96738 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96715 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96725 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96726 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.9673 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96739 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.31057 |
| scoring_system |
epss |
| scoring_elements |
0.96742 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7679 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7679
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7 |
|
| 2 |
| url |
VCID-qayj-kts9-3fde |
| vulnerability_id |
VCID-qayj-kts9-3fde |
| summary |
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3167 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92879 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92885 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92888 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92873 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92874 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.09566 |
| scoring_system |
epss |
| scoring_elements |
0.92883 |
| published_at |
2026-04-29T12:55:00Z |
|
| 6 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.9319 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93191 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93187 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93172 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93176 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93174 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93183 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.10349 |
| scoring_system |
epss |
| scoring_elements |
0.93192 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3167 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3167
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde |
|
| 3 |
| url |
VCID-twj7-4qwm-2khv |
| vulnerability_id |
VCID-twj7-4qwm-2khv |
| summary |
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7668 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.98472 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.98476 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.9847 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.64829 |
| scoring_system |
epss |
| scoring_elements |
0.98471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98523 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98524 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98527 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98529 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98519 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.9853 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.66384 |
| scoring_system |
epss |
| scoring_elements |
0.98521 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.67269 |
| scoring_system |
epss |
| scoring_elements |
0.98573 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7668 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7668
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv |
|
| 4 |
| url |
VCID-wshe-gf99-tbg6 |
| vulnerability_id |
VCID-wshe-gf99-tbg6 |
| summary |
A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7659 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97251 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97244 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97246 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97249 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97248 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97213 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97219 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.9722 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.9723 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97231 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97234 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.38383 |
| scoring_system |
epss |
| scoring_elements |
0.97235 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7659 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7659
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1
|
|
|
pkg:alpm/archlinux/apache@2.4.26-3
|
alpm
|
archlinux
|
apache
|
2.4.26-3
|
|
|
true
|
2.4.27-2
|
2.4.55-1
|
| 0 |
| url |
VCID-jt89-ruvk-1kbj |
| vulnerability_id |
VCID-jt89-ruvk-1kbj |
| summary |
The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9788 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.47063 |
| scoring_system |
epss |
| scoring_elements |
0.97695 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.50243 |
| scoring_system |
epss |
| scoring_elements |
0.97842 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.50243 |
| scoring_system |
epss |
| scoring_elements |
0.97843 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97934 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97921 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97924 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97926 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97942 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97944 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.9795 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97951 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97941 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9788 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9788
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj |
|
| 1 |
| url |
VCID-khfr-kgtb-rfam |
| vulnerability_id |
VCID-khfr-kgtb-rfam |
| summary |
When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9789 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93796 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93863 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93858 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93865 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93867 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93805 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93814 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93818 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93827 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.9383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93835 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93836 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9789 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9789
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam |
|
|
|
4.5
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-3
|
|
|
pkg:alpm/archlinux/apache@2.4.27-1
|
alpm
|
archlinux
|
apache
|
2.4.27-1
|
|
|
true
|
2.4.27-2
|
2.4.55-1
|
| 0 |
| url |
VCID-5bej-9h7w-33c8 |
| vulnerability_id |
VCID-5bej-9h7w-33c8 |
| summary |
When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9798 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99863 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99862 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99866 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99865 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99864 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9798 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9798
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8 |
|
|
| 0 |
| url |
VCID-jt89-ruvk-1kbj |
| vulnerability_id |
VCID-jt89-ruvk-1kbj |
| summary |
The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9788 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.47063 |
| scoring_system |
epss |
| scoring_elements |
0.97695 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.50243 |
| scoring_system |
epss |
| scoring_elements |
0.97842 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.50243 |
| scoring_system |
epss |
| scoring_elements |
0.97843 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97934 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97921 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97924 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97926 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97942 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97944 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.9795 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97951 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.52641 |
| scoring_system |
epss |
| scoring_elements |
0.97941 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9788 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9788
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj |
|
| 1 |
| url |
VCID-khfr-kgtb-rfam |
| vulnerability_id |
VCID-khfr-kgtb-rfam |
| summary |
When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9789 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93796 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93863 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93858 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93865 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93867 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93805 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93814 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93818 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93827 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.9383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93835 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.12192 |
| scoring_system |
epss |
| scoring_elements |
0.93836 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9789 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9789
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam |
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1
|
|
|
pkg:alpm/archlinux/apache@2.4.27-2
|
alpm
|
archlinux
|
apache
|
2.4.27-2
|
|
|
false
|
2.4.33-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-5bej-9h7w-33c8 |
| vulnerability_id |
VCID-5bej-9h7w-33c8 |
| summary |
When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9798 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99863 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99862 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99866 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99865 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.9384 |
| scoring_system |
epss |
| scoring_elements |
0.99864 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9798 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9798
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2
|
|
|
pkg:alpm/archlinux/apache@2.4.29-1
|
alpm
|
archlinux
|
apache
|
2.4.29-1
|
|
|
true
|
2.4.33-1
|
2.4.55-1
|
| 0 |
| url |
VCID-9qdr-1v39-d7b7 |
| vulnerability_id |
VCID-9qdr-1v39-d7b7 |
| summary |
When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because "SessionEnv on" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1283 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02927 |
| scoring_system |
epss |
| scoring_elements |
0.86456 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87346 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87273 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87289 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87306 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87313 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87326 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.8732 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87316 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.8733 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87329 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87334 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87263 |
| published_at |
2026-04-01T12:55:00Z |
|
| 14 |
| value |
0.03761 |
| scoring_system |
epss |
| scoring_elements |
0.88074 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1283 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1283
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7 |
|
| 1 |
| url |
VCID-apfh-r85v-dbhz |
| vulnerability_id |
VCID-apfh-r85v-dbhz |
| summary |
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1302 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93766 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93834 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93833 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93836 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93838 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93776 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93785 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93789 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93801 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93806 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93828 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1302 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1302
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz |
|
| 2 |
| url |
VCID-fqem-96w3-rucb |
| vulnerability_id |
VCID-fqem-96w3-rucb |
| summary |
When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1312 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06949 |
| scoring_system |
epss |
| scoring_elements |
0.91458 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91661 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91622 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91677 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91683 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91681 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91629 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91634 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91642 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91655 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91664 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91667 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91663 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91685 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1312 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1312
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb |
|
| 3 |
| url |
VCID-jzuw-73df-mfff |
| vulnerability_id |
VCID-jzuw-73df-mfff |
| summary |
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1301 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91755 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91812 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91809 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.9181 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91816 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91764 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.9177 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91777 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.9179 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91797 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.918 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91798 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91817 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1301 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1301
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff |
|
| 4 |
| url |
VCID-q5wm-suxb-jfeb |
| vulnerability_id |
VCID-q5wm-suxb-jfeb |
| summary |
The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.93618 |
| scoring_system |
epss |
| scoring_elements |
0.99842 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.99909 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.99907 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.9991 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.99908 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15715 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15715
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb |
|
| 5 |
| url |
VCID-scf1-zmu7-e3b2 |
| vulnerability_id |
VCID-scf1-zmu7-e3b2 |
| summary |
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1303 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.32252 |
| scoring_system |
epss |
| scoring_elements |
0.96852 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.32252 |
| scoring_system |
epss |
| scoring_elements |
0.96848 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97325 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97326 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97332 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97333 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97315 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97321 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97348 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97349 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97335 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97336 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97337 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1303 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1303
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2 |
|
| 6 |
| url |
VCID-zc2p-sfu7-jkhc |
| vulnerability_id |
VCID-zc2p-sfu7-jkhc |
| summary |
mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15710 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92113 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92112 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92072 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.9208 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92097 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.921 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92104 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92105 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92111 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92108 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92109 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.11987 |
| scoring_system |
epss |
| scoring_elements |
0.93799 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15710 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15710
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc |
|
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.29-1
|
|
|
pkg:alpm/archlinux/apache@2.4.33-1
|
alpm
|
archlinux
|
apache
|
2.4.33-1
|
|
|
false
|
2.4.34-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-9qdr-1v39-d7b7 |
| vulnerability_id |
VCID-9qdr-1v39-d7b7 |
| summary |
When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because "SessionEnv on" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1283 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02927 |
| scoring_system |
epss |
| scoring_elements |
0.86456 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87346 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87273 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87289 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87306 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87313 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87326 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.8732 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87316 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.8733 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87329 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87334 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.03348 |
| scoring_system |
epss |
| scoring_elements |
0.87263 |
| published_at |
2026-04-01T12:55:00Z |
|
| 14 |
| value |
0.03761 |
| scoring_system |
epss |
| scoring_elements |
0.88074 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1283 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1283
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7 |
|
| 1 |
| url |
VCID-apfh-r85v-dbhz |
| vulnerability_id |
VCID-apfh-r85v-dbhz |
| summary |
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1302 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93766 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93834 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93833 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93836 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93838 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93776 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93785 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93789 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93801 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93806 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.12125 |
| scoring_system |
epss |
| scoring_elements |
0.93828 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1302 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1302
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz |
|
| 2 |
| url |
VCID-fqem-96w3-rucb |
| vulnerability_id |
VCID-fqem-96w3-rucb |
| summary |
When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1312 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06949 |
| scoring_system |
epss |
| scoring_elements |
0.91458 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91661 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91622 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91677 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91683 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91681 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91629 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91634 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91642 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91655 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91664 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91667 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91663 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.0728 |
| scoring_system |
epss |
| scoring_elements |
0.91685 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1312 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1312
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb |
|
| 3 |
| url |
VCID-jzuw-73df-mfff |
| vulnerability_id |
VCID-jzuw-73df-mfff |
| summary |
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1301 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91755 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91812 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91809 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.9181 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91816 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91764 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.9177 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91777 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.9179 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91797 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.918 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91798 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.07499 |
| scoring_system |
epss |
| scoring_elements |
0.91817 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1301 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1301
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff |
|
| 4 |
| url |
VCID-q5wm-suxb-jfeb |
| vulnerability_id |
VCID-q5wm-suxb-jfeb |
| summary |
The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.93618 |
| scoring_system |
epss |
| scoring_elements |
0.99842 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.99909 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.99907 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.9991 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.94103 |
| scoring_system |
epss |
| scoring_elements |
0.99908 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15715 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15715
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb |
|
| 5 |
| url |
VCID-scf1-zmu7-e3b2 |
| vulnerability_id |
VCID-scf1-zmu7-e3b2 |
| summary |
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1303 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.32252 |
| scoring_system |
epss |
| scoring_elements |
0.96852 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.32252 |
| scoring_system |
epss |
| scoring_elements |
0.96848 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97325 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97326 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97332 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97333 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97315 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97321 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97348 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97349 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97335 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97336 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.40137 |
| scoring_system |
epss |
| scoring_elements |
0.97337 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1303 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1303
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2 |
|
| 6 |
| url |
VCID-zc2p-sfu7-jkhc |
| vulnerability_id |
VCID-zc2p-sfu7-jkhc |
| summary |
mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15710 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92113 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92112 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92072 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.9208 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92097 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.921 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92104 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92105 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92111 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92108 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.08002 |
| scoring_system |
epss |
| scoring_elements |
0.92109 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.11987 |
| scoring_system |
epss |
| scoring_elements |
0.93799 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15710 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15710
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1
|
|
|
pkg:alpm/archlinux/apache@2.4.33-3
|
alpm
|
archlinux
|
apache
|
2.4.33-3
|
|
|
true
|
2.4.34-1
|
2.4.55-1
|
| 0 |
| url |
VCID-9vzm-qtye-ufh2 |
| vulnerability_id |
VCID-9vzm-qtye-ufh2 |
| summary |
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92958 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92987 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92997 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.93012 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.93007 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.93 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92967 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92971 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.9297 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92978 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92983 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92988 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92986 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.15119 |
| scoring_system |
epss |
| scoring_elements |
0.94612 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.22311 |
| scoring_system |
epss |
| scoring_elements |
0.95835 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1333 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1333
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2 |
|
| 1 |
| url |
VCID-qc9j-x576-ayc1 |
| vulnerability_id |
VCID-qc9j-x576-ayc1 |
| summary |
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-8011 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99199 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99214 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99207 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99208 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99209 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.9921 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99213 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99201 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99203 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-8011 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-8011
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1 |
|
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-3
|
|
|
pkg:alpm/archlinux/apache@2.4.34-1
|
alpm
|
archlinux
|
apache
|
2.4.34-1
|
|
|
false
|
2.4.39-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-9vzm-qtye-ufh2 |
| vulnerability_id |
VCID-9vzm-qtye-ufh2 |
| summary |
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92958 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92987 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92997 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.93012 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.93007 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.93 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92967 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92971 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.9297 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92978 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92983 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92988 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.09859 |
| scoring_system |
epss |
| scoring_elements |
0.92986 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.15119 |
| scoring_system |
epss |
| scoring_elements |
0.94612 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.22311 |
| scoring_system |
epss |
| scoring_elements |
0.95835 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1333 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1333
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2 |
|
| 1 |
| url |
VCID-qc9j-x576-ayc1 |
| vulnerability_id |
VCID-qc9j-x576-ayc1 |
| summary |
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-8011 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99199 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99214 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99207 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99208 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99209 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.9921 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99213 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99201 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.8201 |
| scoring_system |
epss |
| scoring_elements |
0.99203 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-8011 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-8011
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1
|
|
|
pkg:alpm/archlinux/apache@2.4.37-1
|
alpm
|
archlinux
|
apache
|
2.4.37-1
|
|
|
true
|
2.4.39-1
|
2.4.55-1
|
| 0 |
| url |
VCID-7u2r-egf2-vfhx |
| vulnerability_id |
VCID-7u2r-egf2-vfhx |
| summary |
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17189 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90359 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.9036 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90345 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90347 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90292 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90305 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.9031 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90331 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90339 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90332 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90338 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.07668 |
| scoring_system |
epss |
| scoring_elements |
0.91912 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17189 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17189
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx |
|
| 1 |
| url |
VCID-7vjg-vetg-p7f6 |
| vulnerability_id |
VCID-7vjg-vetg-p7f6 |
| summary |
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0190 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95031 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95079 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.9508 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95077 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95042 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95045 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95052 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95056 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95061 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95063 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95074 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95065 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.18924 |
| scoring_system |
epss |
| scoring_elements |
0.95332 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0190 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0190
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6 |
|
| 2 |
| url |
VCID-ct26-19cq-8kd7 |
| vulnerability_id |
VCID-ct26-19cq-8kd7 |
| summary |
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17199 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10423 |
| scoring_system |
epss |
| scoring_elements |
0.93248 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93228 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93252 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93257 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93264 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93268 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93266 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93217 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.9322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93233 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93237 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 14 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93236 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17199 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17199
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7 |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.37-1
|
|
|
pkg:alpm/archlinux/apache@2.4.38-1
|
alpm
|
archlinux
|
apache
|
2.4.38-1
|
|
|
true
|
2.4.39-1
|
2.4.55-1
|
| 0 |
| url |
VCID-4sss-a8ne-kqbc |
| vulnerability_id |
VCID-4sss-a8ne-kqbc |
| summary |
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0197 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84326 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84461 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84449 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84458 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.8434 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84361 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84363 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84385 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.8439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84408 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84401 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84397 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.8442 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84423 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0197 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0197
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc |
|
| 1 |
| url |
VCID-6vxq-uxxw-ybeh |
| vulnerability_id |
VCID-6vxq-uxxw-ybeh |
| summary |
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0196 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08584 |
| scoring_system |
epss |
| scoring_elements |
0.92426 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92827 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92804 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92847 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92854 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92856 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92811 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92816 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92814 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92823 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92831 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.9283 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92841 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0196 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0196
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh |
|
| 2 |
| url |
VCID-ehv1-yvpu-ubcg |
| vulnerability_id |
VCID-ehv1-yvpu-ubcg |
| summary |
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0211 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.90159 |
| scoring_system |
epss |
| scoring_elements |
0.99586 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.9026 |
| scoring_system |
epss |
| scoring_elements |
0.99594 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.9026 |
| scoring_system |
epss |
| scoring_elements |
0.99593 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99633 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99632 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99634 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99636 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99637 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99639 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0211 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
| reference_url |
https://usn.ubuntu.com/3937-1/ |
| reference_id |
USN-3937-1 |
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/ |
|
|
| url |
https://usn.ubuntu.com/3937-1/ |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0211
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg |
|
| 3 |
| url |
VCID-ugdv-apr8-g3bz |
| vulnerability_id |
VCID-ugdv-apr8-g3bz |
| summary |
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0215 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05872 |
| scoring_system |
epss |
| scoring_elements |
0.90593 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91791 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91756 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.9181 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91811 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91817 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91816 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91764 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91771 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91778 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91798 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91818 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0215 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0215
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz |
|
| 4 |
| url |
VCID-uwqg-yytc-vfae |
| vulnerability_id |
VCID-uwqg-yytc-vfae |
| summary |
When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0220 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95478 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95532 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95531 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95488 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95494 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95498 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95505 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95507 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95512 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95513 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95514 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95522 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.9553 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95528 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.22688 |
| scoring_system |
epss |
| scoring_elements |
0.95883 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0220 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0220
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae |
|
| 5 |
| url |
VCID-w6p6-u8ku-k3f6 |
| vulnerability_id |
VCID-w6p6-u8ku-k3f6 |
| summary |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0217 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97464 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97501 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97487 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97488 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97496 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97498 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97499 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97471 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97481 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97482 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97485 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0217 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0217
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6 |
|
|
| 0 |
| url |
VCID-7u2r-egf2-vfhx |
| vulnerability_id |
VCID-7u2r-egf2-vfhx |
| summary |
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17189 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90359 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.9036 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90345 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90347 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90292 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90305 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.9031 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90331 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90339 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90332 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.05616 |
| scoring_system |
epss |
| scoring_elements |
0.90338 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.07668 |
| scoring_system |
epss |
| scoring_elements |
0.91912 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17189 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17189
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx |
|
| 1 |
| url |
VCID-7vjg-vetg-p7f6 |
| vulnerability_id |
VCID-7vjg-vetg-p7f6 |
| summary |
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0190 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95031 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95079 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.9508 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95077 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95042 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95045 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95052 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95056 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95061 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95063 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95074 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.17386 |
| scoring_system |
epss |
| scoring_elements |
0.95065 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.18924 |
| scoring_system |
epss |
| scoring_elements |
0.95332 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0190 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0190
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6 |
|
| 2 |
| url |
VCID-ct26-19cq-8kd7 |
| vulnerability_id |
VCID-ct26-19cq-8kd7 |
| summary |
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17199 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10423 |
| scoring_system |
epss |
| scoring_elements |
0.93248 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93228 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93252 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93257 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93264 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93268 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93266 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93217 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.9322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93233 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93237 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 14 |
| value |
0.10459 |
| scoring_system |
epss |
| scoring_elements |
0.93236 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17199 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17199
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7 |
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1
|
|
|
pkg:alpm/archlinux/apache@2.4.39-1
|
alpm
|
archlinux
|
apache
|
2.4.39-1
|
|
|
false
|
2.4.43-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-4sss-a8ne-kqbc |
| vulnerability_id |
VCID-4sss-a8ne-kqbc |
| summary |
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0197 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84326 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84461 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84449 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84458 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.8434 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84361 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84363 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84385 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.8439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84408 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84401 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84397 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.8442 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.02193 |
| scoring_system |
epss |
| scoring_elements |
0.84423 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0197 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0197
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc |
|
| 1 |
| url |
VCID-6vxq-uxxw-ybeh |
| vulnerability_id |
VCID-6vxq-uxxw-ybeh |
| summary |
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0196 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08584 |
| scoring_system |
epss |
| scoring_elements |
0.92426 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92827 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92804 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92847 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92854 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92856 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92811 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92816 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92814 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92823 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92831 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.9283 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92841 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.09496 |
| scoring_system |
epss |
| scoring_elements |
0.92842 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0196 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0196
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh |
|
| 2 |
| url |
VCID-ehv1-yvpu-ubcg |
| vulnerability_id |
VCID-ehv1-yvpu-ubcg |
| summary |
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0211 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.90159 |
| scoring_system |
epss |
| scoring_elements |
0.99586 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.9026 |
| scoring_system |
epss |
| scoring_elements |
0.99594 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.9026 |
| scoring_system |
epss |
| scoring_elements |
0.99593 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99633 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99632 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99634 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99636 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99637 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.90908 |
| scoring_system |
epss |
| scoring_elements |
0.99639 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0211 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
| reference_url |
https://usn.ubuntu.com/3937-1/ |
| reference_id |
USN-3937-1 |
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/ |
|
|
| url |
https://usn.ubuntu.com/3937-1/ |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0211
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg |
|
| 3 |
| url |
VCID-ugdv-apr8-g3bz |
| vulnerability_id |
VCID-ugdv-apr8-g3bz |
| summary |
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0215 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05872 |
| scoring_system |
epss |
| scoring_elements |
0.90593 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91791 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91756 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.9181 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91811 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91817 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91816 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91764 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91771 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91778 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91798 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.07501 |
| scoring_system |
epss |
| scoring_elements |
0.91818 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0215 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0215
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz |
|
| 4 |
| url |
VCID-uwqg-yytc-vfae |
| vulnerability_id |
VCID-uwqg-yytc-vfae |
| summary |
When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0220 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95478 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95532 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95531 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95488 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95494 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95498 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95505 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95507 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95512 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95513 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95514 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95522 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.9553 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.20275 |
| scoring_system |
epss |
| scoring_elements |
0.95528 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.22688 |
| scoring_system |
epss |
| scoring_elements |
0.95883 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0220 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0220
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae |
|
| 5 |
| url |
VCID-w6p6-u8ku-k3f6 |
| vulnerability_id |
VCID-w6p6-u8ku-k3f6 |
| summary |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0217 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97464 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97501 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97487 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97488 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97496 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97498 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97499 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97471 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97481 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97482 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.43022 |
| scoring_system |
epss |
| scoring_elements |
0.97485 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-0217 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0217
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1
|
|
|
pkg:alpm/archlinux/apache@2.4.41-1
|
alpm
|
archlinux
|
apache
|
2.4.41-1
|
|
|
true
|
2.4.43-1
|
2.4.55-1
|
| 0 |
| url |
VCID-5xrt-1n1q-4bey |
| vulnerability_id |
VCID-5xrt-1n1q-4bey |
| summary |
In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1927 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0656 |
| scoring_system |
epss |
| scoring_elements |
0.91177 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93522 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93495 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93552 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.9356 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93565 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93563 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93511 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93519 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93528 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93527 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93547 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1927 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1927
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey |
|
| 1 |
| url |
VCID-auhk-ppv5-buaa |
| vulnerability_id |
VCID-auhk-ppv5-buaa |
| summary |
in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1934 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.27241 |
| scoring_system |
epss |
| scoring_elements |
0.96409 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97221 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97248 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97257 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97258 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97262 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97227 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97232 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97242 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97243 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97247 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1934 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1934
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa |
|
|
|
2.8
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.41-1
|
|
|
pkg:alpm/archlinux/apache@2.4.43-1
|
alpm
|
archlinux
|
apache
|
2.4.43-1
|
|
|
false
|
2.4.51-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-5xrt-1n1q-4bey |
| vulnerability_id |
VCID-5xrt-1n1q-4bey |
| summary |
In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1927 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0656 |
| scoring_system |
epss |
| scoring_elements |
0.91177 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93522 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93495 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93552 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.9356 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93565 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93563 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93511 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93519 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93528 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93527 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.11302 |
| scoring_system |
epss |
| scoring_elements |
0.93547 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1927 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1927
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey |
|
| 1 |
| url |
VCID-auhk-ppv5-buaa |
| vulnerability_id |
VCID-auhk-ppv5-buaa |
| summary |
in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1934 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.27241 |
| scoring_system |
epss |
| scoring_elements |
0.96409 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97221 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97248 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97257 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97258 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97262 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97227 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97232 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97242 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97243 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.38657 |
| scoring_system |
epss |
| scoring_elements |
0.97247 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1934 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1934
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1
|
|
|
pkg:alpm/archlinux/apache@2.4.46-3
|
alpm
|
archlinux
|
apache
|
2.4.46-3
|
|
|
true
|
2.4.51-1
|
2.4.55-1
|
| 0 |
| url |
VCID-17hy-4ppt-xyhw |
| vulnerability_id |
VCID-17hy-4ppt-xyhw |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26691 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97325 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97365 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97359 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.9736 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97361 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97332 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97336 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97347 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97348 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97356 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26691 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26691
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw |
|
| 1 |
| url |
VCID-66k7-maf9-dfcd |
| vulnerability_id |
VCID-66k7-maf9-dfcd |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35452 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10294 |
| scoring_system |
epss |
| scoring_elements |
0.93204 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93315 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93342 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93349 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93353 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93297 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93303 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93302 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93311 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.9332 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93318 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93319 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93337 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35452 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35452
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd |
|
| 2 |
| url |
VCID-91u7-vh6n-v7fm |
| vulnerability_id |
VCID-91u7-vh6n-v7fm |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13938 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21628 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21943 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21997 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21761 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21839 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21894 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21906 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21866 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21808 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21811 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21818 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21634 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21782 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32506 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13938 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13938
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm |
|
| 3 |
| url |
VCID-9ych-ybpr-j3h6 |
| vulnerability_id |
VCID-9ych-ybpr-j3h6 |
| summary |
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13950 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95684 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95734 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95727 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95731 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95732 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95693 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95698 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95701 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.9571 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95714 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95717 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95716 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95718 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13950 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13950
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6 |
|
| 4 |
| url |
VCID-bvkg-nrwd-e7g8 |
| vulnerability_id |
VCID-bvkg-nrwd-e7g8 |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26690 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98675 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98698 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98691 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98695 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98697 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98678 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98681 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98682 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98683 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98685 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98687 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98689 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26690 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26690
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8 |
|
| 5 |
| url |
VCID-f2y3-s6j8-7ygr |
| vulnerability_id |
VCID-f2y3-s6j8-7ygr |
| summary |
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-17567 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93865 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93931 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.9393 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93933 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93932 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93874 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93883 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93886 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93895 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93898 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93902 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93903 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93924 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93929 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-17567 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-17567
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr |
|
| 6 |
| url |
VCID-g6xr-qtwz-2yaq |
| vulnerability_id |
VCID-g6xr-qtwz-2yaq |
| summary |
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30641 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97082 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97132 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97127 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97128 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97131 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97089 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97094 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97095 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97105 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97109 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.9711 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97111 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97119 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97122 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30641 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30641
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq |
|
|
|
3.6
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.46-3
|
|
|
pkg:alpm/archlinux/apache@2.4.47-1
|
alpm
|
archlinux
|
apache
|
2.4.47-1
|
|
|
true
|
2.4.51-1
|
2.4.55-1
|
| 0 |
| url |
VCID-6b7y-562y-suce |
| vulnerability_id |
VCID-6b7y-562y-suce |
| summary |
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.
This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.
This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31618 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93455 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.934 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93416 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93392 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93408 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.9346 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93456 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.9345 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93445 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93424 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93425 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93419 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31618 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-31618
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce |
|
|
| 0 |
| url |
VCID-17hy-4ppt-xyhw |
| vulnerability_id |
VCID-17hy-4ppt-xyhw |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26691 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97325 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97365 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97359 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.9736 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97361 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97332 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97336 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97347 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97348 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.40357 |
| scoring_system |
epss |
| scoring_elements |
0.97356 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26691 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26691
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw |
|
| 1 |
| url |
VCID-66k7-maf9-dfcd |
| vulnerability_id |
VCID-66k7-maf9-dfcd |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35452 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10294 |
| scoring_system |
epss |
| scoring_elements |
0.93204 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93315 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93342 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93349 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93353 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93297 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93303 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93302 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93311 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.9332 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93318 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93319 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.10695 |
| scoring_system |
epss |
| scoring_elements |
0.93337 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35452 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35452
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd |
|
| 2 |
| url |
VCID-91u7-vh6n-v7fm |
| vulnerability_id |
VCID-91u7-vh6n-v7fm |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13938 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21628 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21943 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21997 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21761 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21839 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21894 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21906 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21866 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21808 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21811 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21818 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21634 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21782 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32506 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13938 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13938
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm |
|
| 3 |
| url |
VCID-9ych-ybpr-j3h6 |
| vulnerability_id |
VCID-9ych-ybpr-j3h6 |
| summary |
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13950 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95684 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95734 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95727 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95731 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95732 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95693 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95698 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95701 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.9571 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95714 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95717 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95716 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.21543 |
| scoring_system |
epss |
| scoring_elements |
0.95718 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13950 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13950
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6 |
|
| 4 |
| url |
VCID-bvkg-nrwd-e7g8 |
| vulnerability_id |
VCID-bvkg-nrwd-e7g8 |
| summary |
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26690 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98675 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98698 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98691 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98695 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98697 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98678 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98681 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98682 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98683 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98685 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98687 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.70379 |
| scoring_system |
epss |
| scoring_elements |
0.98689 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26690 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26690
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8 |
|
| 5 |
| url |
VCID-f2y3-s6j8-7ygr |
| vulnerability_id |
VCID-f2y3-s6j8-7ygr |
| summary |
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-17567 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93865 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93931 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.9393 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93933 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93932 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93874 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93883 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93886 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93895 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93898 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93902 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93903 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93924 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.12438 |
| scoring_system |
epss |
| scoring_elements |
0.93929 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-17567 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-17567
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr |
|
| 6 |
| url |
VCID-g6xr-qtwz-2yaq |
| vulnerability_id |
VCID-g6xr-qtwz-2yaq |
| summary |
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30641 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97082 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97132 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97127 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97128 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97131 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97089 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97094 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97095 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97105 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97109 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.9711 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97111 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97119 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.36362 |
| scoring_system |
epss |
| scoring_elements |
0.97122 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-30641 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-30641
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq |
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1
|
|
|
pkg:alpm/archlinux/apache@2.4.48-1
|
alpm
|
archlinux
|
apache
|
2.4.48-1
|
|
|
true
|
2.4.51-1
|
2.4.55-1
|
| 0 |
| url |
VCID-9u53-b79b-cfgd |
| vulnerability_id |
VCID-9u53-b79b-cfgd |
| summary |
Malformed requests may cause the server to dereference a NULL pointer.
This issue affects Apache HTTP Server 2.4.48 and earlier. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-34798 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93141 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93201 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.932 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93205 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93204 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93151 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93154 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93162 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93172 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93169 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93171 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93187 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93191 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-34798 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-34798
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd |
|
| 1 |
| url |
VCID-db6k-j9mj-e7hy |
| vulnerability_id |
VCID-db6k-j9mj-e7hy |
| summary |
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
This issue affects Apache HTTP Server 2.4.17 to 2.4.48. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33193 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00569 |
| scoring_system |
epss |
| scoring_elements |
0.68634 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00569 |
| scoring_system |
epss |
| scoring_elements |
0.68629 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00569 |
| scoring_system |
epss |
| scoring_elements |
0.6858 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00609 |
| scoring_system |
epss |
| scoring_elements |
0.69818 |
| published_at |
2026-04-29T12:55:00Z |
|
| 4 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72879 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.729 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72934 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72943 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72892 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72839 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72846 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72866 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72841 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33193 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33193
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy |
|
| 2 |
| url |
VCID-mtg7-8556-kbgd |
| vulnerability_id |
VCID-mtg7-8556-kbgd |
| summary |
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
This issue affects Apache HTTP Server 2.4.48 and earlier. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-40438
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd |
|
| 3 |
| url |
VCID-rdtq-8ng5-53fn |
| vulnerability_id |
VCID-rdtq-8ng5-53fn |
| summary |
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).
This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36160 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.8792 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.88013 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.88006 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.8793 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87943 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87947 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87968 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87974 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87985 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87978 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87977 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.8799 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87991 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.04687 |
| scoring_system |
epss |
| scoring_elements |
0.89382 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36160 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36160
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn |
|
| 4 |
| url |
VCID-wrw6-uzz4-rkfb |
| vulnerability_id |
VCID-wrw6-uzz4-rkfb |
| summary |
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
No included modules pass untrusted data to these functions, but third-party / external modules may.
This issue affects Apache HTTP Server 2.4.48 and earlier. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-39275 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97171 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97215 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97209 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97213 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97214 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97177 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97183 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97193 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97194 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97198 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97199 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97207 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-39275 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-39275
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb |
|
|
| 0 |
| url |
VCID-6b7y-562y-suce |
| vulnerability_id |
VCID-6b7y-562y-suce |
| summary |
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.
This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.
This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31618 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93455 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.934 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93416 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93392 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93408 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.9346 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93456 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.9345 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93445 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93424 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93425 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.11001 |
| scoring_system |
epss |
| scoring_elements |
0.93419 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31618 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-31618
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce |
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1
|
|
|
pkg:alpm/archlinux/apache@2.4.49-1
|
alpm
|
archlinux
|
apache
|
2.4.49-1
|
|
|
true
|
2.4.51-1
|
2.4.55-1
|
| 0 |
| url |
VCID-ffpe-1ctd-77e9 |
| vulnerability_id |
VCID-ffpe-1ctd-77e9 |
| summary |
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.
This issue is known to be exploited in the wild.
This issue only affects Apache 2.4.49 and not earlier versions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41773
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9 |
|
| 1 |
| url |
VCID-hj5r-jms3-x3fe |
| vulnerability_id |
VCID-hj5r-jms3-x3fe |
| summary |
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,
allowing an external source to DoS the server. This requires a specially crafted request.
The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41524 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91488 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91557 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91551 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91559 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91495 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91502 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.9151 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91523 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91529 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91534 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91535 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91533 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91555 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.9155 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41524 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41524
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe |
|
|
| 0 |
| url |
VCID-9u53-b79b-cfgd |
| vulnerability_id |
VCID-9u53-b79b-cfgd |
| summary |
Malformed requests may cause the server to dereference a NULL pointer.
This issue affects Apache HTTP Server 2.4.48 and earlier. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-34798 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93141 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93201 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.932 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93205 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93204 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93151 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93154 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93162 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93172 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93169 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93171 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93187 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.1029 |
| scoring_system |
epss |
| scoring_elements |
0.93191 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-34798 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-34798
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd |
|
| 1 |
| url |
VCID-db6k-j9mj-e7hy |
| vulnerability_id |
VCID-db6k-j9mj-e7hy |
| summary |
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
This issue affects Apache HTTP Server 2.4.17 to 2.4.48. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33193 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00569 |
| scoring_system |
epss |
| scoring_elements |
0.68634 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.00569 |
| scoring_system |
epss |
| scoring_elements |
0.68629 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00569 |
| scoring_system |
epss |
| scoring_elements |
0.6858 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00609 |
| scoring_system |
epss |
| scoring_elements |
0.69818 |
| published_at |
2026-04-29T12:55:00Z |
|
| 4 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72879 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.729 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72934 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72943 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72892 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72839 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72846 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72866 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.00739 |
| scoring_system |
epss |
| scoring_elements |
0.72841 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33193 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-33193
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy |
|
| 2 |
| url |
VCID-mtg7-8556-kbgd |
| vulnerability_id |
VCID-mtg7-8556-kbgd |
| summary |
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
This issue affects Apache HTTP Server 2.4.48 and earlier. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-40438
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd |
|
| 3 |
| url |
VCID-rdtq-8ng5-53fn |
| vulnerability_id |
VCID-rdtq-8ng5-53fn |
| summary |
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).
This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36160 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.8792 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.88013 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.88006 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.8793 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87943 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87947 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87968 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87974 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87985 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87978 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87977 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.8799 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.03716 |
| scoring_system |
epss |
| scoring_elements |
0.87991 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.04687 |
| scoring_system |
epss |
| scoring_elements |
0.89382 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36160 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36160
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn |
|
| 4 |
| url |
VCID-wrw6-uzz4-rkfb |
| vulnerability_id |
VCID-wrw6-uzz4-rkfb |
| summary |
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
No included modules pass untrusted data to these functions, but third-party / external modules may.
This issue affects Apache HTTP Server 2.4.48 and earlier. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-39275 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97171 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97215 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97209 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97213 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97214 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97177 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97183 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97193 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97194 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97198 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97199 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.37674 |
| scoring_system |
epss |
| scoring_elements |
0.97207 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-39275 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-39275
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb |
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1
|
|
|
pkg:alpm/archlinux/apache@2.4.50-1
|
alpm
|
archlinux
|
apache
|
2.4.50-1
|
|
|
true
|
2.4.51-1
|
2.4.55-1
|
| 0 |
| url |
VCID-qn74-neyt-jkg9 |
| vulnerability_id |
VCID-qn74-neyt-jkg9 |
| summary |
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.
This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-42013
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9 |
|
|
| 0 |
| url |
VCID-ffpe-1ctd-77e9 |
| vulnerability_id |
VCID-ffpe-1ctd-77e9 |
| summary |
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.
This issue is known to be exploited in the wild.
This issue only affects Apache 2.4.49 and not earlier versions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41773
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9 |
|
| 1 |
| url |
VCID-hj5r-jms3-x3fe |
| vulnerability_id |
VCID-hj5r-jms3-x3fe |
| summary |
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,
allowing an external source to DoS the server. This requires a specially crafted request.
The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41524 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91488 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91557 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91551 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91559 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91495 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91502 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.9151 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91523 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91529 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91534 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91535 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91533 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.91555 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.07103 |
| scoring_system |
epss |
| scoring_elements |
0.9155 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41524 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41524
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe |
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1
|
|
|
pkg:alpm/archlinux/apache@2.4.51-1
|
alpm
|
archlinux
|
apache
|
2.4.51-1
|
|
|
false
|
2.4.54-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-qn74-neyt-jkg9 |
| vulnerability_id |
VCID-qn74-neyt-jkg9 |
| summary |
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.
This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-42013
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1
|
|
|
pkg:alpm/archlinux/apache@2.4.53-1
|
alpm
|
archlinux
|
apache
|
2.4.53-1
|
|
|
true
|
2.4.54-1
|
2.4.55-1
|
| 0 |
| url |
VCID-4d3t-es7p-9qhn |
| vulnerability_id |
VCID-4d3t-es7p-9qhn |
| summary |
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28615 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78229 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78114 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78131 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78101 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78215 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78209 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78177 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78181 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78182 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78149 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78153 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78171 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78146 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.7814 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28615 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-28615
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn |
|
| 1 |
| url |
VCID-d36c-rrxh-ybgv |
| vulnerability_id |
VCID-d36c-rrxh-ybgv |
| summary |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29404 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84852 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84816 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84843 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84853 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84738 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84757 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84759 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84781 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84788 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84806 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84797 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84818 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84819 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29404 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-29404
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv |
|
| 2 |
| url |
VCID-gv84-vfvh-y7hu |
| vulnerability_id |
VCID-gv84-vfvh-y7hu |
| summary |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30522 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93674 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93672 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93677 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93676 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93616 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93625 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93627 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93636 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93638 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93643 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93644 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93662 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93669 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30522 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-30522
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu |
|
| 3 |
| url |
VCID-hm3f-m22n-u3gy |
| vulnerability_id |
VCID-hm3f-m22n-u3gy |
| summary |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30556 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66301 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66263 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66286 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.663 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66195 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66192 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.6624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66253 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66273 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.6626 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66229 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66264 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66279 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30556 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-30556
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy |
|
| 4 |
| url |
VCID-na94-5565-dyfc |
| vulnerability_id |
VCID-na94-5565-dyfc |
| summary |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
Modules compiled and distributed separately from Apache HTTP Server that use the "ap_rputs" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28614 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69359 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69314 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69346 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69353 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.6922 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.6924 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69221 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69271 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69289 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69311 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69295 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69266 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69305 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28614 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-28614
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc |
|
| 5 |
| url |
VCID-p2a1-afnh-7qca |
| vulnerability_id |
VCID-p2a1-afnh-7qca |
| summary |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.
This may be used to bypass IP based authentication on the origin server/application. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-31813 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11522 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11369 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11453 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11511 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1312 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13379 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13247 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13252 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13224 |
| published_at |
2026-04-26T12:55:00Z |
|
| 10 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13305 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13255 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13161 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1316 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-31813 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-31813
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca |
|
| 6 |
| url |
VCID-qm7e-n9ay-hufy |
| vulnerability_id |
VCID-qm7e-n9ay-hufy |
| summary |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26377 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97288 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97289 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97297 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97299 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97304 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97302 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97287 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97301 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97321 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97308 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97313 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97314 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.9732 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26377 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-26377
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy |
|
|
|
4.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.53-1
|
|
|
pkg:alpm/archlinux/apache@2.4.54-1
|
alpm
|
archlinux
|
apache
|
2.4.54-1
|
|
|
false
|
2.4.55-1
|
2.4.55-1
|
|
| 0 |
| url |
VCID-4d3t-es7p-9qhn |
| vulnerability_id |
VCID-4d3t-es7p-9qhn |
| summary |
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28615 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78229 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78114 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78131 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78101 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78215 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78209 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78177 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78181 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78182 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78149 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78153 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78171 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.78146 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.01111 |
| scoring_system |
epss |
| scoring_elements |
0.7814 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28615 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-28615
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn |
|
| 1 |
| url |
VCID-d36c-rrxh-ybgv |
| vulnerability_id |
VCID-d36c-rrxh-ybgv |
| summary |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29404 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84852 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84816 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84843 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84853 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84738 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84757 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84759 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84781 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84788 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84806 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84797 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84818 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.0232 |
| scoring_system |
epss |
| scoring_elements |
0.84819 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29404 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-29404
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv |
|
| 2 |
| url |
VCID-gv84-vfvh-y7hu |
| vulnerability_id |
VCID-gv84-vfvh-y7hu |
| summary |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30522 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93674 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93672 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93677 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93676 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93616 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93625 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93627 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93636 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93638 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93643 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93644 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93662 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.11589 |
| scoring_system |
epss |
| scoring_elements |
0.93669 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30522 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-30522
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu |
|
| 3 |
| url |
VCID-hm3f-m22n-u3gy |
| vulnerability_id |
VCID-hm3f-m22n-u3gy |
| summary |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30556 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66301 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66263 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66286 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.663 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66195 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66192 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.6624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66253 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66273 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.6626 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66229 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66264 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00506 |
| scoring_system |
epss |
| scoring_elements |
0.66279 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-30556 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-30556
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy |
|
| 4 |
| url |
VCID-na94-5565-dyfc |
| vulnerability_id |
VCID-na94-5565-dyfc |
| summary |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
Modules compiled and distributed separately from Apache HTTP Server that use the "ap_rputs" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28614 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69359 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69314 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69346 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69353 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.6922 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.6924 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69221 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69271 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69289 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69311 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69295 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69266 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00593 |
| scoring_system |
epss |
| scoring_elements |
0.69305 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28614 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-28614
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc |
|
| 5 |
| url |
VCID-p2a1-afnh-7qca |
| vulnerability_id |
VCID-p2a1-afnh-7qca |
| summary |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.
This may be used to bypass IP based authentication on the origin server/application. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-31813 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11522 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11369 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11453 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11511 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1312 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13379 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13247 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13252 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13224 |
| published_at |
2026-04-26T12:55:00Z |
|
| 10 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13305 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13255 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13161 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1316 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-31813 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-31813
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca |
|
| 6 |
| url |
VCID-qm7e-n9ay-hufy |
| vulnerability_id |
VCID-qm7e-n9ay-hufy |
| summary |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26377 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97288 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97289 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97297 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97299 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97304 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97302 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97287 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.39296 |
| scoring_system |
epss |
| scoring_elements |
0.97301 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97321 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97308 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97313 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.97314 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.3988 |
| scoring_system |
epss |
| scoring_elements |
0.9732 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26377 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-26377
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1
|
|
|
pkg:alpm/archlinux/apache@2.4.54-3
|
alpm
|
archlinux
|
apache
|
2.4.54-3
|
|
|
true
|
2.4.55-1
|
2.4.55-1
|
| 0 |
| url |
VCID-6qk8-1cj1-4fh7 |
| vulnerability_id |
VCID-6qk8-1cj1-4fh7 |
| summary |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36760 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52497 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52542 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52581 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52588 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52574 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52524 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52534 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52481 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52508 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52528 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52522 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52573 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52558 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36760 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-36760
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7 |
|
| 1 |
| url |
VCID-fz8c-b8r4-1yb8 |
| vulnerability_id |
VCID-fz8c-b8r4-1yb8 |
| summary |
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-20001 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63051 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63212 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63196 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63177 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63198 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63213 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.6311 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.6314 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63105 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63157 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63174 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63191 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63176 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63154 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63188 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-20001 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-20001
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8 |
|
| 2 |
| url |
VCID-htfx-mahy-9kde |
| vulnerability_id |
VCID-htfx-mahy-9kde |
| summary |
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37436 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64246 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64235 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64196 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64262 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64275 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64264 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64237 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67617 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67609 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67627 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67638 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.6764 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.6763 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37436 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-37436
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde |
|
|
|
3.4
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-3
|
|
|
pkg:alpm/archlinux/apache@2.4.55-1
|
alpm
|
archlinux
|
apache
|
2.4.55-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-6qk8-1cj1-4fh7 |
| vulnerability_id |
VCID-6qk8-1cj1-4fh7 |
| summary |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36760 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52497 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52542 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52581 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52588 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52574 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52524 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52534 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52481 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52508 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52528 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52522 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52573 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52558 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36760 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-36760
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7 |
|
| 1 |
| url |
VCID-fz8c-b8r4-1yb8 |
| vulnerability_id |
VCID-fz8c-b8r4-1yb8 |
| summary |
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-20001 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63051 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63212 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63196 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63177 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63198 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63213 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.6311 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.6314 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63105 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63157 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63174 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63191 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63176 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63154 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00439 |
| scoring_system |
epss |
| scoring_elements |
0.63188 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-20001 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-20001
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8 |
|
| 2 |
| url |
VCID-htfx-mahy-9kde |
| vulnerability_id |
VCID-htfx-mahy-9kde |
| summary |
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37436 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64246 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64235 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64196 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64262 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64275 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64264 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64237 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67617 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67609 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67627 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.67638 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.6764 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.00539 |
| scoring_system |
epss |
| scoring_elements |
0.6763 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37436 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-37436
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1
|
|
|
pkg:alpm/archlinux/apr@1.6.2-1
|
alpm
|
archlinux
|
apr
|
1.6.2-1
|
|
|
true
|
1.6.3-1
|
1.6.3-1
|
| 0 |
| url |
VCID-jdxe-krj9-8kax |
| vulnerability_id |
VCID-jdxe-krj9-8kax |
| summary |
apr: Out-of-bounds array deref in apr_time_exp*() functions |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12613 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48167 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48177 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48285 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4828 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48237 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48218 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48229 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48205 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48225 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48176 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4823 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48224 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48249 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48223 |
| published_at |
2026-04-12T12:55:00Z |
|
| 14 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48234 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12613 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-12613
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax |
|
|
|
3.4
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.2-1
|
|
|
pkg:alpm/archlinux/apr@1.6.3-1
|
alpm
|
archlinux
|
apr
|
1.6.3-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-jdxe-krj9-8kax |
| vulnerability_id |
VCID-jdxe-krj9-8kax |
| summary |
apr: Out-of-bounds array deref in apr_time_exp*() functions |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12613 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48167 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48177 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48285 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4828 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48237 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48218 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48229 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48205 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48225 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48176 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4823 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48224 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48249 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48223 |
| published_at |
2026-04-12T12:55:00Z |
|
| 14 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48234 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12613 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-12613
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1
|
|
|
pkg:alpm/archlinux/apr@1.7.0-3
|
alpm
|
archlinux
|
apr
|
1.7.0-3
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-xz52-5z1u-cuf9 |
| vulnerability_id |
VCID-xz52-5z1u-cuf9 |
| summary |
apr: Regression of CVE-2017-12613 fix in apr 1.7 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-35940 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17918 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17842 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17903 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17874 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17825 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17767 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17777 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17999 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.18054 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17754 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19389 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19288 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19277 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19236 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-35940 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-35940
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xz52-5z1u-cuf9 |
|
|
|
3.2
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.7.0-3
|
|
|
pkg:alpm/archlinux/apr-util@1.6.0-1
|
alpm
|
archlinux
|
apr-util
|
1.6.0-1
|
|
|
true
|
1.6.1-1
|
1.6.1-1
|
| 0 |
| url |
VCID-8d91-nmr2-hbg7 |
| vulnerability_id |
VCID-8d91-nmr2-hbg7 |
| summary |
apr-util: Out-of-bounds access in corrupted SDBM database |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12618 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45261 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45242 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45264 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.5281 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52742 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52753 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52713 |
| published_at |
2026-04-29T12:55:00Z |
|
| 9 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52794 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52748 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52798 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52782 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52765 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52803 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12618 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-12618
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8d91-nmr2-hbg7 |
|
|
|
2.5
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.0-1
|
|
|
pkg:alpm/archlinux/apr-util@1.6.1-1
|
alpm
|
archlinux
|
apr-util
|
1.6.1-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-8d91-nmr2-hbg7 |
| vulnerability_id |
VCID-8d91-nmr2-hbg7 |
| summary |
apr-util: Out-of-bounds access in corrupted SDBM database |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12618 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45261 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45242 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45264 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.5281 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52742 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52753 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52713 |
| published_at |
2026-04-29T12:55:00Z |
|
| 9 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52794 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52748 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52798 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52782 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52765 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00295 |
| scoring_system |
epss |
| scoring_elements |
0.52803 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12618 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-12618
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8d91-nmr2-hbg7 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1
|
|
|
pkg:alpm/archlinux/argocd@2.0.1-1
|
alpm
|
archlinux
|
argocd
|
2.0.1-1
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-bpzz-9qe3-2kdg |
| vulnerability_id |
VCID-bpzz-9qe3-2kdg |
| summary |
argocd: ServiceAccount argocd-argocd-server is able to read all resources of the whole cluster |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3557 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39861 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.40009 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.40035 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39955 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.40008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.40021 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.40032 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39995 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.40025 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39996 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39917 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39742 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39727 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39641 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3557 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3557
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bpzz-9qe3-2kdg |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/argocd@2.0.1-1
|
|
|
pkg:alpm/archlinux/ark@16.12.0-1
|
alpm
|
archlinux
|
ark
|
16.12.0-1
|
|
|
true
|
16.12.1-1
|
20.08.0-2
|
| 0 |
| url |
VCID-ffje-day6-8qg2 |
| vulnerability_id |
VCID-ffje-day6-8qg2 |
| summary |
A vulnerability in Ark might allow remote attackers to execute
arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66975 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66959 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66942 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66964 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66977 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66876 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66902 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66875 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66923 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66957 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66943 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66912 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66945 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5330 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5330
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffje-day6-8qg2 |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.0-1
|
|
|
pkg:alpm/archlinux/ark@16.12.1-1
|
alpm
|
archlinux
|
ark
|
16.12.1-1
|
|
|
false
|
20.08.0-2
|
20.08.0-2
|
|
| 0 |
| url |
VCID-ffje-day6-8qg2 |
| vulnerability_id |
VCID-ffje-day6-8qg2 |
| summary |
A vulnerability in Ark might allow remote attackers to execute
arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66975 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66959 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66942 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66964 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66977 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66876 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66902 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66875 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66923 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66957 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66943 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66912 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00523 |
| scoring_system |
epss |
| scoring_elements |
0.66945 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5330 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5330
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffje-day6-8qg2 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1
|
|
|
pkg:alpm/archlinux/ark@20.08.0-1
|
alpm
|
archlinux
|
ark
|
20.08.0-1
|
|
|
true
|
20.08.0-2
|
20.08.0-2
|
| 0 |
| url |
VCID-1573-ctpz-bfhh |
| vulnerability_id |
VCID-1573-ctpz-bfhh |
| summary |
Ark was found to allow arbitrary file overwrite, possibly allowing
arbitrary code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24654 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.7458 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74584 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74611 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74585 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74617 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74654 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74634 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74626 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74815 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74817 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74863 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74852 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74859 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24654 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-24654
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1573-ctpz-bfhh |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-1
|
|
|
pkg:alpm/archlinux/ark@20.08.0-2
|
alpm
|
archlinux
|
ark
|
20.08.0-2
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-1573-ctpz-bfhh |
| vulnerability_id |
VCID-1573-ctpz-bfhh |
| summary |
Ark was found to allow arbitrary file overwrite, possibly allowing
arbitrary code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24654 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.7458 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74584 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74611 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74585 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74617 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74654 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74634 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74626 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74815 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74817 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74863 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74852 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00845 |
| scoring_system |
epss |
| scoring_elements |
0.74859 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24654 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-24654
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1573-ctpz-bfhh |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2
|
|
|
pkg:alpm/archlinux/arpwatch@3.1-1
|
alpm
|
archlinux
|
arpwatch
|
3.1-1
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-h9sw-exyc-67dz |
| vulnerability_id |
VCID-h9sw-exyc-67dz |
| summary |
arpwatch: Local privilege escalation from runtime user to root |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25321 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08633 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08694 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08738 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08692 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.0866 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08709 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08632 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08707 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08732 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08733 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.0871 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08695 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08583 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.0857 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08725 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25321 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-25321
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h9sw-exyc-67dz |
|
|
|
3.3
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/arpwatch@3.1-1
|
|
|
pkg:alpm/archlinux/aspell@0.60.8-2
|
alpm
|
archlinux
|
aspell
|
0.60.8-2
|
|
|
true
|
0.60.8-3
|
0.60.8-3
|
| 0 |
| url |
VCID-rtxt-2zns-byan |
| vulnerability_id |
VCID-rtxt-2zns-byan |
| summary |
A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-25051 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13652 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13767 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13736 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13905 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13962 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13764 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13846 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13898 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13855 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13819 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.1377 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13679 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13673 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13745 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-25051 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-25051
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxt-2zns-byan |
|
|
|
3.5
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-2
|
|
|
pkg:alpm/archlinux/aspell@0.60.8-3
|
alpm
|
archlinux
|
aspell
|
0.60.8-3
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-rtxt-2zns-byan |
| vulnerability_id |
VCID-rtxt-2zns-byan |
| summary |
A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-25051 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13652 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13767 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13736 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13905 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13962 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13764 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13846 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13898 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13855 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13819 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.1377 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13679 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13673 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13745 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-25051 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-25051
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxt-2zns-byan |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3
|
|
|
pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1
|
alpm
|
archlinux
|
aspnet-runtime
|
5.0.6.sdk203-1
|
|
|
true
|
5.0.7.sdk204-1
|
5.0.7.sdk204-1
|
| 0 |
| url |
VCID-mkvc-qau4-tqcd |
| vulnerability_id |
VCID-mkvc-qau4-tqcd |
| summary |
# Withdrawn
This advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory.
The underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.
# Description.
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
### Patches
* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
#### Other Details
- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188
- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31957 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91357 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91358 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91347 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91348 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91323 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91324 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91322 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91315 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91308 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91296 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91289 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91279 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91274 |
| published_at |
2026-04-01T12:55:00Z |
|
| 13 |
| value |
0.08957 |
| scoring_system |
epss |
| scoring_elements |
0.92611 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31957 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-31957, GHSA-mcwm-2wmc-6hv4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1
|
|
|
pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1
|
alpm
|
archlinux
|
aspnet-runtime
|
5.0.7.sdk204-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-mkvc-qau4-tqcd |
| vulnerability_id |
VCID-mkvc-qau4-tqcd |
| summary |
# Withdrawn
This advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory.
The underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.
# Description.
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
### Patches
* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
#### Other Details
- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188
- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31957 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91357 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91358 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91347 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91348 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91323 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91324 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91322 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91315 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91308 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91296 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91289 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91279 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.068 |
| scoring_system |
epss |
| scoring_elements |
0.91274 |
| published_at |
2026-04-01T12:55:00Z |
|
| 13 |
| value |
0.08957 |
| scoring_system |
epss |
| scoring_elements |
0.92611 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31957 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-31957, GHSA-mcwm-2wmc-6hv4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1
|
|
|
pkg:alpm/archlinux/atftp@0.7.2-2
|
alpm
|
archlinux
|
atftp
|
0.7.2-2
|
|
|
true
|
0.7.2-3
|
0.7.5-1
|
| 0 |
| url |
VCID-r2dj-7m5m-7fgq |
| vulnerability_id |
VCID-r2dj-7m5m-7fgq |
| summary |
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-6097 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52216 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52251 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52168 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52212 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52239 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52257 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52252 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52303 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52286 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52272 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.5231 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52314 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52296 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52244 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-6097 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-6097
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r2dj-7m5m-7fgq |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-2
|
|
|
pkg:alpm/archlinux/atftp@0.7.2-3
|
alpm
|
archlinux
|
atftp
|
0.7.2-3
|
|
|
false
|
0.7.5-1
|
0.7.5-1
|
|
| 0 |
| url |
VCID-r2dj-7m5m-7fgq |
| vulnerability_id |
VCID-r2dj-7m5m-7fgq |
| summary |
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-6097 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52216 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52251 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52168 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52212 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52239 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52257 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52252 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52303 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52286 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52272 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.5231 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52314 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52296 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52244 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-6097 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-6097
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r2dj-7m5m-7fgq |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3
|
|
|
pkg:alpm/archlinux/atftp@0.7.4-1
|
alpm
|
archlinux
|
atftp
|
0.7.4-1
|
|
|
true
|
0.7.5-1
|
0.7.5-1
|
| 0 |
| url |
VCID-8gv8-qwdd-5fd2 |
| vulnerability_id |
VCID-8gv8-qwdd-5fd2 |
| summary |
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41054 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65309 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65313 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65176 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65226 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65251 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65217 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65267 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.6528 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65298 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65285 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65258 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65292 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65302 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65299 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41054 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41054
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gv8-qwdd-5fd2 |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.4-1
|
|
|
pkg:alpm/archlinux/atftp@0.7.5-1
|
alpm
|
archlinux
|
atftp
|
0.7.5-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-8gv8-qwdd-5fd2 |
| vulnerability_id |
VCID-8gv8-qwdd-5fd2 |
| summary |
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41054 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65309 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65313 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65176 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65226 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65251 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65217 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65267 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.6528 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65298 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65285 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65258 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65292 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65302 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00484 |
| scoring_system |
epss |
| scoring_elements |
0.65299 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41054 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41054
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gv8-qwdd-5fd2 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1
|
|
|
pkg:alpm/archlinux/atomicparsley@20210617.200601.1ac7c08-1
|
alpm
|
archlinux
|
atomicparsley
|
20210617.200601.1ac7c08-1
|
|
|
true
|
20210715.151551.e7ad03a-1
|
20210715.151551.e7ad03a-1
|
| 0 |
| url |
VCID-w4tx-u3hz-qqet |
| vulnerability_id |
VCID-w4tx-u3hz-qqet |
| summary |
Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69283 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69123 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69138 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69159 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.6914 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.6919 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69209 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69231 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69217 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69188 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69228 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69237 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69216 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69267 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69275 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37232 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-37232
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4tx-u3hz-qqet |
|
| 1 |
| url |
VCID-wbxk-gdmk-yudc |
| vulnerability_id |
VCID-wbxk-gdmk-yudc |
| summary |
Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56894 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5684 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56935 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56956 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56932 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56994 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56974 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5695 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56979 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56976 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56953 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56892 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5691 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37231 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-37231
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wbxk-gdmk-yudc |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210617.200601.1ac7c08-1
|
|
|
pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1
|
alpm
|
archlinux
|
atomicparsley
|
20210715.151551.e7ad03a-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-w4tx-u3hz-qqet |
| vulnerability_id |
VCID-w4tx-u3hz-qqet |
| summary |
Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69283 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69123 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69138 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69159 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.6914 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.6919 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69209 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69231 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69217 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69188 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69228 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69237 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69216 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69267 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69275 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37232 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-37232
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4tx-u3hz-qqet |
|
| 1 |
| url |
VCID-wbxk-gdmk-yudc |
| vulnerability_id |
VCID-wbxk-gdmk-yudc |
| summary |
Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56894 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5684 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56935 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56956 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56932 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56994 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56974 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5695 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56979 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56976 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56953 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56892 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5691 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37231 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-37231
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wbxk-gdmk-yudc |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1
|
|
|
pkg:alpm/archlinux/aubio@0.4.8-1
|
alpm
|
archlinux
|
aubio
|
0.4.8-1
|
|
|
true
|
0.4.9-1
|
0.4.9-1
|
| 0 |
| url |
VCID-7kh4-36ar-vqdc |
| vulnerability_id |
VCID-7kh4-36ar-vqdc |
| summary |
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19802 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77897 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77754 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77761 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77788 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77771 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77803 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.7783 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77814 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77813 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77849 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77848 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77842 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77875 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77883 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19802 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/aubio/aubio |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/aubio/aubio |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19802, GHSA-c6jq-h4jp-72pr, PYSEC-2019-164
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh4-36ar-vqdc |
|
| 1 |
| url |
VCID-bgwj-p1y1-mycb |
| vulnerability_id |
VCID-bgwj-p1y1-mycb |
| summary |
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19800 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73416 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73374 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73381 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73365 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73328 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73356 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73332 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73323 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73463 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73461 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73451 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73418 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73424 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19800 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/aubio/aubio |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/aubio/aubio |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19800, GHSA-grmf-4fq6-2r79, PYSEC-2019-162
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwj-p1y1-mycb |
|
| 2 |
| url |
VCID-k5dk-dngq-3ycy |
| vulnerability_id |
VCID-k5dk-dngq-3ycy |
| summary |
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19801 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69463 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69424 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69438 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69453 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69415 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69365 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69386 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69369 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69358 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.6952 |
| published_at |
2026-04-29T12:55:00Z |
|
| 11 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69515 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69508 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69455 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69473 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19801 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/aubio/aubio |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/aubio/aubio |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19801, GHSA-7vvr-h4p5-m7fh, PYSEC-2019-163
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k5dk-dngq-3ycy |
|
|
|
4.5
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.8-1
|
|
|
pkg:alpm/archlinux/aubio@0.4.9-1
|
alpm
|
archlinux
|
aubio
|
0.4.9-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-7kh4-36ar-vqdc |
| vulnerability_id |
VCID-7kh4-36ar-vqdc |
| summary |
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19802 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77897 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77754 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77761 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77788 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77771 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77803 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.7783 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77814 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77813 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77849 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77848 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77842 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77875 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.01078 |
| scoring_system |
epss |
| scoring_elements |
0.77883 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19802 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/aubio/aubio |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/aubio/aubio |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19802, GHSA-c6jq-h4jp-72pr, PYSEC-2019-164
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh4-36ar-vqdc |
|
| 1 |
| url |
VCID-bgwj-p1y1-mycb |
| vulnerability_id |
VCID-bgwj-p1y1-mycb |
| summary |
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19800 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73416 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73374 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73381 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73365 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73328 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73356 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73332 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73323 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73463 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73461 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73451 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73418 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73424 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19800 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/aubio/aubio |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/aubio/aubio |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19800, GHSA-grmf-4fq6-2r79, PYSEC-2019-162
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwj-p1y1-mycb |
|
| 2 |
| url |
VCID-k5dk-dngq-3ycy |
| vulnerability_id |
VCID-k5dk-dngq-3ycy |
| summary |
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19801 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69463 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69424 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69438 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69453 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69415 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69365 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69386 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69369 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69358 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.6952 |
| published_at |
2026-04-29T12:55:00Z |
|
| 11 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69515 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69508 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69455 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69473 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19801 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/aubio/aubio |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/aubio/aubio |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19801, GHSA-7vvr-h4p5-m7fh, PYSEC-2019-163
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k5dk-dngq-3ycy |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1
|
|
|
pkg:alpm/archlinux/audacity@1:2.4.1-4
|
alpm
|
archlinux
|
audacity
|
1:2.4.1-4
|
|
|
true
|
null
|
null
|
| 0 |
| url |
VCID-veb9-7659-wfg7 |
| vulnerability_id |
VCID-veb9-7659-wfg7 |
| summary |
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11867 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30349 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30749 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30876 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30923 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30743 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30801 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30833 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30835 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.3079 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30745 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.3077 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.3075 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30716 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.3055 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30433 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11867 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-11867
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-veb9-7659-wfg7 |
|
|
|
1.4
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audacity@1:2.4.1-4
|
|
|
pkg:alpm/archlinux/audiofile@0.3.6-3
|
alpm
|
archlinux
|
audiofile
|
0.3.6-3
|
|
|
true
|
0.3.6-4
|
0.3.6-4
|
| 0 |
| url |
VCID-2fxt-mcp5-vkdz |
| vulnerability_id |
VCID-2fxt-mcp5-vkdz |
| summary |
audiofile: Index out of bounds for type int16_t |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6837 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90718 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90789 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90788 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90784 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90783 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90794 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90724 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90735 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90746 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90757 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90763 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90771 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90768 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6837 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6837
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxt-mcp5-vkdz |
|
| 1 |
| url |
VCID-411s-5r62-zubr |
| vulnerability_id |
VCID-411s-5r62-zubr |
| summary |
audiofile: Heap-based buffer overflow in readValue |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6828 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95042 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95028 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95037 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95041 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95043 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95739 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95742 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95746 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.9571 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.9573 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95719 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95727 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6828 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6828
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-411s-5r62-zubr |
|
| 2 |
| url |
VCID-5ckf-qbbb-57f7 |
| vulnerability_id |
VCID-5ckf-qbbb-57f7 |
| summary |
audiofile: Heap-based buffer overflow in IMA::decodeBlockWAVE |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6831 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86128 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86083 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.861 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86105 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86098 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86118 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89123 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89144 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.8916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 12 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89126 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6831 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6831
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ckf-qbbb-57f7 |
|
| 3 |
| url |
VCID-87tp-awyv-4yad |
| vulnerability_id |
VCID-87tp-awyv-4yad |
| summary |
audiofile: Heap-based buffer overflow in alaw2linear_buf |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6830 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89624 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89594 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89608 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.8961 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89606 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.8962 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91351 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91384 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91387 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91337 |
| published_at |
2026-04-01T12:55:00Z |
|
| 12 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91341 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91359 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6830 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6830
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-87tp-awyv-4yad |
|
| 4 |
| url |
VCID-913x-rwya-xbgt |
| vulnerability_id |
VCID-913x-rwya-xbgt |
| summary |
audiofile: Heap-based buffer overflow in Expand3To4Module::run |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6836 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89652 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89721 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89705 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.8972 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89722 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89655 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.8967 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89689 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89695 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89702 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89701 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89694 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.8971 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89711 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6836 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6836
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-913x-rwya-xbgt |
|
| 5 |
| url |
VCID-aeat-dx5y-dfgr |
| vulnerability_id |
VCID-aeat-dx5y-dfgr |
| summary |
audiofile: Signed integer overflow in sfconvert.c |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6838 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90439 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90497 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90496 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90508 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90443 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90461 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90486 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.9048 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6838 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6838
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aeat-dx5y-dfgr |
|
| 6 |
| url |
VCID-gg9m-4dyw-3ub1 |
| vulnerability_id |
VCID-gg9m-4dyw-3ub1 |
| summary |
audiofile: Divide-by-zero in BlockCodec::runPull |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90439 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90496 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90508 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90443 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90461 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90486 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.9048 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90497 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6833
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gg9m-4dyw-3ub1 |
|
| 7 |
| url |
VCID-j162-684h-wqak |
| vulnerability_id |
VCID-j162-684h-wqak |
| summary |
audiofile: Divide-by-zero in BlockCodec::reset1 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6835 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89011 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89103 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89075 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89093 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.891 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89019 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89035 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89037 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89054 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89059 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89071 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89067 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89065 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89079 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6835 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6835
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-684h-wqak |
|
| 8 |
| url |
VCID-nmab-8ky6-nyb4 |
| vulnerability_id |
VCID-nmab-8ky6-nyb4 |
| summary |
audiofile: Heap-based buffer overflow in MSADPCM::initializeCoefficients |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6827 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.9692 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96928 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96932 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96944 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96946 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96949 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.9695 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96951 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96958 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96962 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96964 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96966 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96969 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6827 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6827
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nmab-8ky6-nyb4 |
|
| 9 |
| url |
VCID-qw16-rfw7-2qdk |
| vulnerability_id |
VCID-qw16-rfw7-2qdk |
| summary |
audiofile: Signed integer overflow in MSADPCM.cpp |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6839 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89011 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89054 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89019 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89035 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89037 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89059 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89071 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89067 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.9048 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90508 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90496 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90497 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6839 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6839
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qw16-rfw7-2qdk |
|
| 10 |
| url |
VCID-sekd-w6gm-67dv |
| vulnerability_id |
VCID-sekd-w6gm-67dv |
| summary |
audiofile: Heap-based buffer overflow in ulaw2linear_buf |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6834 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88931 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88897 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.8891 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88909 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88905 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88922 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88929 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91359 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91384 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91387 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91337 |
| published_at |
2026-04-01T12:55:00Z |
|
| 13 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91341 |
| published_at |
2026-04-02T12:55:00Z |
|
| 14 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91351 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6834 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6834
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sekd-w6gm-67dv |
|
| 11 |
| url |
VCID-sfj3-8vbt-bkfp |
| vulnerability_id |
VCID-sfj3-8vbt-bkfp |
| summary |
audiofile: Global buffer overflow in decodeSample |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6829 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89166 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89249 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89223 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.8924 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89246 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89173 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89187 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89189 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89208 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89212 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89222 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89218 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89228 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6829 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6829
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfj3-8vbt-bkfp |
|
| 12 |
| url |
VCID-ur9b-fgja-r7he |
| vulnerability_id |
VCID-ur9b-fgja-r7he |
| summary |
audiofile: Heap-based buffer overflow in MSADPCM::decodeBlock |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6832 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89189 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89163 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89179 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89185 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89123 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89126 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89144 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.8916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89153 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89166 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6832 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6832
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9b-fgja-r7he |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-3
|
|
|
pkg:alpm/archlinux/audiofile@0.3.6-4
|
alpm
|
archlinux
|
audiofile
|
0.3.6-4
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-2fxt-mcp5-vkdz |
| vulnerability_id |
VCID-2fxt-mcp5-vkdz |
| summary |
audiofile: Index out of bounds for type int16_t |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6837 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90718 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90789 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90788 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90784 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90783 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90794 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90724 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90735 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90746 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90757 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90763 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90771 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.06086 |
| scoring_system |
epss |
| scoring_elements |
0.90768 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6837 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6837
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxt-mcp5-vkdz |
|
| 1 |
| url |
VCID-411s-5r62-zubr |
| vulnerability_id |
VCID-411s-5r62-zubr |
| summary |
audiofile: Heap-based buffer overflow in readValue |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6828 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95042 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95028 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95037 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95041 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.17241 |
| scoring_system |
epss |
| scoring_elements |
0.95043 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95739 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95742 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95746 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.9571 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.9573 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95719 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.21753 |
| scoring_system |
epss |
| scoring_elements |
0.95727 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6828 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6828
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-411s-5r62-zubr |
|
| 2 |
| url |
VCID-5ckf-qbbb-57f7 |
| vulnerability_id |
VCID-5ckf-qbbb-57f7 |
| summary |
audiofile: Heap-based buffer overflow in IMA::decodeBlockWAVE |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6831 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86128 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86083 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.861 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86105 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86098 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.02789 |
| scoring_system |
epss |
| scoring_elements |
0.86118 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89123 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89144 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.8916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 12 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89126 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6831 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6831
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ckf-qbbb-57f7 |
|
| 3 |
| url |
VCID-87tp-awyv-4yad |
| vulnerability_id |
VCID-87tp-awyv-4yad |
| summary |
audiofile: Heap-based buffer overflow in alaw2linear_buf |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6830 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89624 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89594 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89608 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.8961 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.89606 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.04897 |
| scoring_system |
epss |
| scoring_elements |
0.8962 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91351 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91384 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91387 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91337 |
| published_at |
2026-04-01T12:55:00Z |
|
| 12 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91341 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91359 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6830 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6830
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-87tp-awyv-4yad |
|
| 4 |
| url |
VCID-913x-rwya-xbgt |
| vulnerability_id |
VCID-913x-rwya-xbgt |
| summary |
audiofile: Heap-based buffer overflow in Expand3To4Module::run |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6836 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89652 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89721 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89705 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.8972 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89722 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89655 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.8967 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89689 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89695 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89702 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89701 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89694 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.8971 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.04984 |
| scoring_system |
epss |
| scoring_elements |
0.89711 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6836 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6836
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-913x-rwya-xbgt |
|
| 5 |
| url |
VCID-aeat-dx5y-dfgr |
| vulnerability_id |
VCID-aeat-dx5y-dfgr |
| summary |
audiofile: Signed integer overflow in sfconvert.c |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6838 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90439 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90497 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90496 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90508 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90443 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90461 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90486 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.9048 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6838 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6838
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aeat-dx5y-dfgr |
|
| 6 |
| url |
VCID-gg9m-4dyw-3ub1 |
| vulnerability_id |
VCID-gg9m-4dyw-3ub1 |
| summary |
audiofile: Divide-by-zero in BlockCodec::runPull |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90439 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90496 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90508 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90443 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90461 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90486 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.9048 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90497 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6833
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gg9m-4dyw-3ub1 |
|
| 7 |
| url |
VCID-j162-684h-wqak |
| vulnerability_id |
VCID-j162-684h-wqak |
| summary |
audiofile: Divide-by-zero in BlockCodec::reset1 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6835 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89011 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89103 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89075 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89093 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.891 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89019 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89035 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89037 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89054 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89059 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89071 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89067 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89065 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89079 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6835 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6835
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-684h-wqak |
|
| 8 |
| url |
VCID-nmab-8ky6-nyb4 |
| vulnerability_id |
VCID-nmab-8ky6-nyb4 |
| summary |
audiofile: Heap-based buffer overflow in MSADPCM::initializeCoefficients |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6827 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.9692 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96928 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96932 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96944 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96946 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96949 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.9695 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96951 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96958 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96962 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96964 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96966 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.33778 |
| scoring_system |
epss |
| scoring_elements |
0.96969 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6827 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6827
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nmab-8ky6-nyb4 |
|
| 9 |
| url |
VCID-qw16-rfw7-2qdk |
| vulnerability_id |
VCID-qw16-rfw7-2qdk |
| summary |
audiofile: Signed integer overflow in MSADPCM.cpp |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6839 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89011 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89054 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89019 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89035 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89037 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89059 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89071 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04451 |
| scoring_system |
epss |
| scoring_elements |
0.89067 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.9048 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90508 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90496 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.05773 |
| scoring_system |
epss |
| scoring_elements |
0.90497 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6839 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6839
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qw16-rfw7-2qdk |
|
| 10 |
| url |
VCID-sekd-w6gm-67dv |
| vulnerability_id |
VCID-sekd-w6gm-67dv |
| summary |
audiofile: Heap-based buffer overflow in ulaw2linear_buf |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6834 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88931 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88897 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.8891 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88909 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88905 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88922 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.04313 |
| scoring_system |
epss |
| scoring_elements |
0.88929 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91359 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91384 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91387 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91337 |
| published_at |
2026-04-01T12:55:00Z |
|
| 13 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91341 |
| published_at |
2026-04-02T12:55:00Z |
|
| 14 |
| value |
0.06895 |
| scoring_system |
epss |
| scoring_elements |
0.91351 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6834 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6834
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sekd-w6gm-67dv |
|
| 11 |
| url |
VCID-sfj3-8vbt-bkfp |
| vulnerability_id |
VCID-sfj3-8vbt-bkfp |
| summary |
audiofile: Global buffer overflow in decodeSample |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6829 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89166 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89249 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89223 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.8924 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89246 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89173 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89187 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89189 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89208 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89212 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89222 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89218 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04576 |
| scoring_system |
epss |
| scoring_elements |
0.89228 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6829 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6829
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfj3-8vbt-bkfp |
|
| 12 |
| url |
VCID-ur9b-fgja-r7he |
| vulnerability_id |
VCID-ur9b-fgja-r7he |
| summary |
audiofile: Heap-based buffer overflow in MSADPCM::decodeBlock |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6832 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89189 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89163 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89179 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89185 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89123 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89126 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89144 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.8916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89153 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.04517 |
| scoring_system |
epss |
| scoring_elements |
0.89166 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6832 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6832
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9b-fgja-r7he |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4
|
|
|
pkg:alpm/archlinux/avahi@0.8%2B20%2Bgd1e71b3-1
|
alpm
|
archlinux
|
avahi
|
0.8+20+gd1e71b3-1
|
|
|
true
|
0.8+22+gfd482a7-1
|
1:0.8+r127+g55d783d-1
|
| 0 |
| url |
VCID-hjrp-3yew-wqeg |
| vulnerability_id |
VCID-hjrp-3yew-wqeg |
| summary |
avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3502 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09103 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0914 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09225 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09169 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09108 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09161 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09165 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09196 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09198 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09166 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09152 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09025 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09181 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3502 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3502
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrp-3yew-wqeg |
|
|
|
2.5
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B20%252Bgd1e71b3-1
|
|
|
pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1
|
alpm
|
archlinux
|
avahi
|
0.8+22+gfd482a7-1
|
|
|
false
|
1:0.8+r127+g55d783d-1
|
1:0.8+r127+g55d783d-1
|
|
| 0 |
| url |
VCID-hjrp-3yew-wqeg |
| vulnerability_id |
VCID-hjrp-3yew-wqeg |
| summary |
avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3502 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09103 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0914 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09225 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09169 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09108 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09161 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09165 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09196 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09198 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09166 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09152 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09025 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09181 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3502 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3502
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrp-3yew-wqeg |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1
|
|
|
pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-3
|
alpm
|
archlinux
|
avahi
|
0.8+22+gfd482a7-3
|
|
|
true
|
1:0.8+r127+g55d783d-1
|
1:0.8+r127+g55d783d-1
|
| 0 |
| url |
VCID-rpzc-ryw1-p7e5 |
| vulnerability_id |
VCID-rpzc-ryw1-p7e5 |
| summary |
avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3468 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08621 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08683 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08726 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.0868 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08647 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08697 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08617 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08695 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08719 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08682 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08569 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08557 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08713 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3468 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3468
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rpzc-ryw1-p7e5 |
|
|
|
2.8
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-3
|
|
|
pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1
|
alpm
|
archlinux
|
avahi
|
1:0.8+r127+g55d783d-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-rpzc-ryw1-p7e5 |
| vulnerability_id |
VCID-rpzc-ryw1-p7e5 |
| summary |
avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3468 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08621 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08683 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08726 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.0868 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08647 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08697 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08617 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08695 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08719 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08682 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08569 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08557 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08713 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3468 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3468
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rpzc-ryw1-p7e5 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1
|
|
|
pkg:alpm/archlinux/awstats@7.8-2
|
alpm
|
archlinux
|
awstats
|
7.8-2
|
|
|
true
|
7.8-3
|
7.8-3
|
| 0 |
| url |
VCID-fxrv-1bju-qkgm |
| vulnerability_id |
VCID-fxrv-1bju-qkgm |
| summary |
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35176 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.7628 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76131 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76135 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76167 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76148 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.7618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76194 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76218 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76192 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76233 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76237 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.7622 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76257 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76267 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35176 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35176
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-2
|
|
|
pkg:alpm/archlinux/awstats@7.8-3
|
alpm
|
archlinux
|
awstats
|
7.8-3
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-fxrv-1bju-qkgm |
| vulnerability_id |
VCID-fxrv-1bju-qkgm |
| summary |
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35176 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.7628 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76131 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76135 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76167 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76148 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.7618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76194 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76218 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76192 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76233 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76237 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.7622 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76257 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00937 |
| scoring_system |
epss |
| scoring_elements |
0.76267 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35176 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35176
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3
|
|
|
pkg:alpm/archlinux/bash@4.3.026-1
|
alpm
|
archlinux
|
bash
|
4.3.026-1
|
|
|
true
|
4.3.027-1
|
4.3.027-1
|
| 0 |
| url |
VCID-sqj7-9htv-nbfn |
| vulnerability_id |
VCID-sqj7-9htv-nbfn |
| summary |
Multiple parsing flaws in Bash could allow remote attackers to
inject code or cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.86544 |
| scoring_system |
epss |
| scoring_elements |
0.99416 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99429 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99428 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99427 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99426 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99475 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99474 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.9947 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99471 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99468 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6277 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6277
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqj7-9htv-nbfn |
|
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.026-1
|
|
|
pkg:alpm/archlinux/bash@4.3.027-1
|
alpm
|
archlinux
|
bash
|
4.3.027-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-sqj7-9htv-nbfn |
| vulnerability_id |
VCID-sqj7-9htv-nbfn |
| summary |
Multiple parsing flaws in Bash could allow remote attackers to
inject code or cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.86544 |
| scoring_system |
epss |
| scoring_elements |
0.99416 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99429 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99428 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99427 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.86752 |
| scoring_system |
epss |
| scoring_elements |
0.99426 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99475 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99474 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.9947 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99471 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99473 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.87816 |
| scoring_system |
epss |
| scoring_elements |
0.99468 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6277 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6277
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqj7-9htv-nbfn |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1
|
|
|
pkg:alpm/archlinux/bat@0.18.1-1
|
alpm
|
archlinux
|
bat
|
0.18.1-1
|
|
|
true
|
0.18.2-1
|
0.18.2-1
|
| 0 |
| url |
VCID-gabj-syb9-c7ff |
| vulnerability_id |
VCID-gabj-syb9-c7ff |
| summary |
Uncontrolled Search Path Element in sharkdp/bat
bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36753 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41467 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41167 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41463 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.4134 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.4142 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41432 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41461 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41388 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41438 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41446 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41435 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41247 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41253 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41361 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36753 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36753, GHSA-p24j-h477-76q3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gabj-syb9-c7ff |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.1-1
|
|
|
pkg:alpm/archlinux/bat@0.18.2-1
|
alpm
|
archlinux
|
bat
|
0.18.2-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-gabj-syb9-c7ff |
| vulnerability_id |
VCID-gabj-syb9-c7ff |
| summary |
Uncontrolled Search Path Element in sharkdp/bat
bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36753 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41467 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41167 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41463 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.4134 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.4142 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41432 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41461 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41388 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41438 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41446 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41435 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41247 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41253 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41361 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36753 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-36753, GHSA-p24j-h477-76q3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gabj-syb9-c7ff |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1
|
|
|
pkg:alpm/archlinux/bchunk@1.2.0-4
|
alpm
|
archlinux
|
bchunk
|
1.2.0-4
|
|
|
true
|
1.2.2-4
|
1.2.2-4
|
| 0 |
| url |
VCID-dk5f-hadp-87e7 |
| vulnerability_id |
VCID-dk5f-hadp-87e7 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15953 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50095 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50135 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50142 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50085 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.5012 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50148 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50098 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50152 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50145 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50162 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50136 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50132 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50176 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.5015 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15953 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15953
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dk5f-hadp-87e7 |
|
| 1 |
| url |
VCID-syvr-upka-zybt |
| vulnerability_id |
VCID-syvr-upka-zybt |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15954 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53955 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53973 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53985 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53899 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53916 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53919 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53971 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.5397 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54017 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53982 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54021 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54025 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54007 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15954 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15954
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-syvr-upka-zybt |
|
| 2 |
| url |
VCID-xatx-tmp5-cka2 |
| vulnerability_id |
VCID-xatx-tmp5-cka2 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15955 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48434 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.4849 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48488 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48418 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48455 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48477 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48429 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48484 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48478 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48501 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48475 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48487 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48538 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48533 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15955 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15955
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xatx-tmp5-cka2 |
|
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.0-4
|
|
|
pkg:alpm/archlinux/bchunk@1.2.2-4
|
alpm
|
archlinux
|
bchunk
|
1.2.2-4
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-dk5f-hadp-87e7 |
| vulnerability_id |
VCID-dk5f-hadp-87e7 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15953 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50095 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50135 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50142 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50085 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.5012 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50148 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50098 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50152 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50145 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50162 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50136 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50132 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50176 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.5015 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15953 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15953
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dk5f-hadp-87e7 |
|
| 1 |
| url |
VCID-syvr-upka-zybt |
| vulnerability_id |
VCID-syvr-upka-zybt |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15954 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53955 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53973 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53985 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53899 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53916 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53919 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53971 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.5397 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54017 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53982 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54021 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54025 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.54007 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15954 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15954
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-syvr-upka-zybt |
|
| 2 |
| url |
VCID-xatx-tmp5-cka2 |
| vulnerability_id |
VCID-xatx-tmp5-cka2 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15955 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48434 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.4849 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48488 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48418 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48455 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48477 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48429 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48484 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48478 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48501 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48475 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48487 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48538 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48533 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15955 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-15955
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xatx-tmp5-cka2 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4
|
|
|
pkg:alpm/archlinux/bcprov@1.66-1
|
alpm
|
archlinux
|
bcprov
|
1.66-1
|
|
|
true
|
1.67-1
|
1.67-1
|
| 0 |
| url |
VCID-amzx-sbps-xke5 |
| vulnerability_id |
VCID-amzx-sbps-xke5 |
| summary |
Logic error in Legion of the Bouncy Castle BC Java
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28052 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88623 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88624 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88619 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88602 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88605 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88609 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88595 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88591 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88539 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88568 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88565 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88547 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28052 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-28052, GHSA-73xv-w5gp-frxh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5 |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.66-1
|
|
|
pkg:alpm/archlinux/bcprov@1.67-1
|
alpm
|
archlinux
|
bcprov
|
1.67-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-amzx-sbps-xke5 |
| vulnerability_id |
VCID-amzx-sbps-xke5 |
| summary |
Logic error in Legion of the Bouncy Castle BC Java
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28052 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88623 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88624 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88619 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88602 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88605 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88609 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88595 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88591 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88539 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88568 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88565 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.04099 |
| scoring_system |
epss |
| scoring_elements |
0.88547 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28052 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-28052, GHSA-73xv-w5gp-frxh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5 |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1
|
|
|
pkg:alpm/archlinux/beep@1.3-4
|
alpm
|
archlinux
|
beep
|
1.3-4
|
|
|
true
|
1.4.4-1
|
1.4.4-1
|
| 0 |
| url |
VCID-gupx-n3wg-mygd |
| vulnerability_id |
VCID-gupx-n3wg-mygd |
| summary |
A vulnerability in beep could allow local attackers to escalate
privileges. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0492 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84091 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.83961 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.83975 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.8399 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.83994 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84017 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84023 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.8404 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84033 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84029 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84053 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84055 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84081 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84087 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0492 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-0492
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-n3wg-mygd |
|
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.3-4
|
|
|
pkg:alpm/archlinux/beep@1.4.4-1
|
alpm
|
archlinux
|
beep
|
1.4.4-1
|
|
|
false
|
null
|
null
|
|
| 0 |
| url |
VCID-gupx-n3wg-mygd |
| vulnerability_id |
VCID-gupx-n3wg-mygd |
| summary |
A vulnerability in beep could allow local attackers to escalate
privileges. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0492 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84091 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.83961 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.83975 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.8399 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.83994 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84017 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84023 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.8404 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84033 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84029 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84053 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84055 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84081 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.0209 |
| scoring_system |
epss |
| scoring_elements |
0.84087 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0492 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-0492
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-n3wg-mygd |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1
|
|
|
pkg:alpm/archlinux/bind@9.10.4.P2-1
|
alpm
|
archlinux
|
bind
|
9.10.4.P2-1
|
|
|
true
|
9.10.4.P3-1
|
9.20.9-1
|
| 0 |
| url |
VCID-4cxw-y4nn-2bem |
| vulnerability_id |
VCID-4cxw-y4nn-2bem |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which could cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2776 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99428 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99438 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99437 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99436 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99427 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99429 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99433 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99434 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2776 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2776
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxw-y4nn-2bem |
|
|
|
10.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P2-1
|
|
|
pkg:alpm/archlinux/bind@9.10.4.P3-1
|
alpm
|
archlinux
|
bind
|
9.10.4.P3-1
|
|
|
false
|
9.11.0.P1-1
|
9.20.9-1
|
|
| 0 |
| url |
VCID-4cxw-y4nn-2bem |
| vulnerability_id |
VCID-4cxw-y4nn-2bem |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which could cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2776 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99428 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99438 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99437 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99436 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99427 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99429 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99433 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.86964 |
| scoring_system |
epss |
| scoring_elements |
0.99434 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2776 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2776
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxw-y4nn-2bem |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1
|
|
|
pkg:alpm/archlinux/bind@9.11.0-2
|
alpm
|
archlinux
|
bind
|
9.11.0-2
|
|
|
true
|
9.11.0.P1-1
|
9.20.9-1
|
| 0 |
| url |
VCID-pn63-zx6s-gfgc |
| vulnerability_id |
VCID-pn63-zx6s-gfgc |
| summary |
A vulnerability in BIND might allow remote attackers to cause a
Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-8864 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97582 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97619 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97606 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97614 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97615 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97589 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97592 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97593 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97598 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.976 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97605 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-8864 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-8864
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pn63-zx6s-gfgc |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0-2
|
|
|
pkg:alpm/archlinux/bind@9.11.0.P1-1
|
alpm
|
archlinux
|
bind
|
9.11.0.P1-1
|
|
|
false
|
9.11.0.P3-1
|
9.20.9-1
|
|
| 0 |
| url |
VCID-pn63-zx6s-gfgc |
| vulnerability_id |
VCID-pn63-zx6s-gfgc |
| summary |
A vulnerability in BIND might allow remote attackers to cause a
Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-8864 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97582 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97619 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97606 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97614 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97615 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97589 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97592 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97593 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97598 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.976 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.45373 |
| scoring_system |
epss |
| scoring_elements |
0.97605 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-8864 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-8864
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pn63-zx6s-gfgc |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1
|
|
|
pkg:alpm/archlinux/bind@9.11.0.P1-3
|
alpm
|
archlinux
|
bind
|
9.11.0.P1-3
|
|
|
true
|
9.11.0.P3-1
|
9.20.9-1
|
| 0 |
| url |
VCID-5jpj-6zqd-3ub9 |
| vulnerability_id |
VCID-5jpj-6zqd-3ub9 |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9147 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98089 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98114 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98111 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98112 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98092 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98096 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98101 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98106 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98107 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98113 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98115 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.9811 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9147 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9147
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5jpj-6zqd-3ub9 |
|
| 1 |
| url |
VCID-7n8z-mhbn-xudt |
| vulnerability_id |
VCID-7n8z-mhbn-xudt |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9778 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.90177 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.90169 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.90166 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.9018 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91182 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91132 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91137 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91145 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91166 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91173 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.9118 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9778 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9778
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7n8z-mhbn-xudt |
|
| 2 |
| url |
VCID-s4q2-n72q-vuhh |
| vulnerability_id |
VCID-s4q2-n72q-vuhh |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9444 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97857 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97853 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97829 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.9783 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97833 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97837 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.9784 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97843 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97845 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97852 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9444 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9444
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q2-n72q-vuhh |
|
| 3 |
| url |
VCID-uze1-hja3-kubc |
| vulnerability_id |
VCID-uze1-hja3-kubc |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9131 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98764 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98786 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98784 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98785 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98765 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98768 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.9877 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98773 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98774 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98775 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98778 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98779 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98781 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9131 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9131
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uze1-hja3-kubc |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-3
|
|
|
pkg:alpm/archlinux/bind@9.11.0.P2-1
|
alpm
|
archlinux
|
bind
|
9.11.0.P2-1
|
|
|
true
|
9.11.0.P3-1
|
9.20.9-1
|
| 0 |
| url |
VCID-xatr-hnmn-mfbj |
| vulnerability_id |
VCID-xatr-hnmn-mfbj |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3135 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96961 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.9701 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.9699 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96999 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97002 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97005 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97006 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97008 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96969 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96974 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96976 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96985 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96988 |
| published_at |
2026-04-11T12:55:00Z |
|
| 14 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96989 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3135 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3135
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xatr-hnmn-mfbj |
|
|
| 0 |
| url |
VCID-5jpj-6zqd-3ub9 |
| vulnerability_id |
VCID-5jpj-6zqd-3ub9 |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9147 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98089 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98114 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98111 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98112 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98092 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98096 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98101 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98106 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98107 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98113 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.98115 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.56165 |
| scoring_system |
epss |
| scoring_elements |
0.9811 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9147 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9147
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5jpj-6zqd-3ub9 |
|
| 1 |
| url |
VCID-7n8z-mhbn-xudt |
| vulnerability_id |
VCID-7n8z-mhbn-xudt |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9778 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.90177 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.90169 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.90166 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.0542 |
| scoring_system |
epss |
| scoring_elements |
0.9018 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91182 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91132 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91137 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91145 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91166 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.91173 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.06614 |
| scoring_system |
epss |
| scoring_elements |
0.9118 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9778 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9778
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7n8z-mhbn-xudt |
|
| 2 |
| url |
VCID-s4q2-n72q-vuhh |
| vulnerability_id |
VCID-s4q2-n72q-vuhh |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9444 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97857 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97853 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97829 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.9783 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97833 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97837 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.9784 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97843 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97845 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.5046 |
| scoring_system |
epss |
| scoring_elements |
0.97852 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9444 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9444
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q2-n72q-vuhh |
|
| 3 |
| url |
VCID-uze1-hja3-kubc |
| vulnerability_id |
VCID-uze1-hja3-kubc |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9131 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98764 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98786 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98784 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98785 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98765 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98768 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.9877 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98773 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98774 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98775 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98778 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98779 |
| published_at |
2026-04-18T12:55:00Z |
|
| 13 |
| value |
0.7283 |
| scoring_system |
epss |
| scoring_elements |
0.98781 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9131 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9131
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uze1-hja3-kubc |
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1
|
|
|
pkg:alpm/archlinux/bind@9.11.0.P3-1
|
alpm
|
archlinux
|
bind
|
9.11.0.P3-1
|
|
|
false
|
9.11.1.P2-1
|
9.20.9-1
|
|
| 0 |
| url |
VCID-xatr-hnmn-mfbj |
| vulnerability_id |
VCID-xatr-hnmn-mfbj |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3135 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96961 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.9701 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.9699 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96999 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97002 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97005 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97006 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.97008 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96969 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96974 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96976 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96985 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96988 |
| published_at |
2026-04-11T12:55:00Z |
|
| 14 |
| value |
0.34413 |
| scoring_system |
epss |
| scoring_elements |
0.96989 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3135 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3135
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xatr-hnmn-mfbj |
|
|
null
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1
|
|
|
pkg:alpm/archlinux/bind@9.11.0.P3-4
|
alpm
|
archlinux
|
bind
|
9.11.0.P3-4
|
|
|
true
|
9.11.1.P2-1
|
9.20.9-1
|
| 0 |
| url |
VCID-ruf8-3syu-vyew |
| vulnerability_id |
VCID-ruf8-3syu-vyew |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3138 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97227 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97218 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.9722 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97224 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97225 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97231 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97237 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97242 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97243 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.9725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97251 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97255 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97256 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3138 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3138
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ruf8-3syu-vyew |
|
| 1 |
| url |
VCID-sh9s-2ef5-ruct |
| vulnerability_id |
VCID-sh9s-2ef5-ruct |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3137 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96496 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96544 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96527 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.9653 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96536 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96542 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96543 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96508 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.9652 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96523 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96526 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3137 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3137
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9s-2ef5-ruct |
|
| 2 |
| url |
VCID-tp19-8gsn-n7ez |
| vulnerability_id |
VCID-tp19-8gsn-n7ez |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3136 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97764 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97755 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97758 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97757 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97767 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97774 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97776 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.9778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97783 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97786 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97788 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97789 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3136 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3136
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tp19-8gsn-n7ez |
|
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-4
|
|
|
pkg:alpm/archlinux/bind@9.11.1-1
|
alpm
|
archlinux
|
bind
|
9.11.1-1
|
|
|
true
|
9.11.1.P2-1
|
9.20.9-1
|
| 0 |
| url |
VCID-t4dn-73sn-57c1 |
| vulnerability_id |
VCID-t4dn-73sn-57c1 |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3140 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95366 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95421 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95401 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95403 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95411 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95415 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95418 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.9542 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95375 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95382 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95386 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95393 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95395 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3140 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3140
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t4dn-73sn-57c1 |
|
|
| 0 |
| url |
VCID-ruf8-3syu-vyew |
| vulnerability_id |
VCID-ruf8-3syu-vyew |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3138 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97227 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97218 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.9722 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97224 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.3793 |
| scoring_system |
epss |
| scoring_elements |
0.97225 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97231 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97237 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97242 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97243 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.9725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97251 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97255 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.38782 |
| scoring_system |
epss |
| scoring_elements |
0.97256 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3138 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3138
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ruf8-3syu-vyew |
|
| 1 |
| url |
VCID-sh9s-2ef5-ruct |
| vulnerability_id |
VCID-sh9s-2ef5-ruct |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3137 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96496 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96544 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96527 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.9653 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96536 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96542 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96543 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96508 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.9652 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96523 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.28496 |
| scoring_system |
epss |
| scoring_elements |
0.96526 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3137 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3137
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9s-2ef5-ruct |
|
| 2 |
| url |
VCID-tp19-8gsn-n7ez |
| vulnerability_id |
VCID-tp19-8gsn-n7ez |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3136 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97764 |
| published_at |
2026-04-29T12:55:00Z |
|
| 1 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97755 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97758 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.48516 |
| scoring_system |
epss |
| scoring_elements |
0.97757 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97767 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97774 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97776 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.9778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97783 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97786 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97788 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.49378 |
| scoring_system |
epss |
| scoring_elements |
0.97789 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3136 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3136
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tp19-8gsn-n7ez |
|
|
3.1
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1
|
|
|
pkg:alpm/archlinux/bind@9.11.1.P1-1
|
alpm
|
archlinux
|
bind
|
9.11.1.P1-1
|
|
|
true
|
9.11.1.P2-1
|
9.20.9-1
|
| 0 |
| url |
VCID-ddg3-vmpb-cbhs |
| vulnerability_id |
VCID-ddg3-vmpb-cbhs |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3142 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89613 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89678 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89652 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89666 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89668 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89661 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89677 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89679 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89616 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89629 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.8963 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89647 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89653 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.8966 |
| published_at |
2026-04-11T12:55:00Z |
|
| 14 |
| value |
0.04951 |
| scoring_system |
epss |
| scoring_elements |
0.89658 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3142 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3142
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ddg3-vmpb-cbhs |
|
| 1 |
| url |
VCID-tg7b-ra4c-cue1 |
| vulnerability_id |
VCID-tg7b-ra4c-cue1 |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3143 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96329 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.9638 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96361 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96364 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96372 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96376 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96378 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96379 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96337 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96341 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96345 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96353 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.26927 |
| scoring_system |
epss |
| scoring_elements |
0.96357 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3143 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3143
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7b-ra4c-cue1 |
|
|
| 0 |
| url |
VCID-t4dn-73sn-57c1 |
| vulnerability_id |
VCID-t4dn-73sn-57c1 |
| summary |
Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3140 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95366 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95421 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95401 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95403 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95411 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95415 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95418 |
| published_at |
2026-04-24T12:55:00Z |
|
| 7 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.9542 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95375 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95382 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95386 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95393 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.19519 |
| scoring_system |
epss |
| scoring_elements |
0.95395 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-3140 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-3140
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t4dn-73sn-57c1 |
|
|
4.0
|
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1
|
|