Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/190839?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "type": "ebuild", "namespace": "app-emulation", "name": "xen-pvgrub", "version": "4.2.2-r1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.2.2-r3", "latest_non_vulnerable_version": "4.7.3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106140?format=api", "vulnerability_id": "VCID-1g8j-jzbj-hua1", "summary": "Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21623", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21702", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21688", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877365", "reference_id": "877365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877365" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-27.html", "reference_id": "XSA-27", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-27.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-6333" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1g8j-jzbj-hua1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106134?format=api", "vulnerability_id": "VCID-1hyu-e9tj-t3bx", "summary": "The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6033.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21704", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21782", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2177", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6033" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6033" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hyu-e9tj-t3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106100?format=api", "vulnerability_id": "VCID-1ud2-yvae-zqf6", "summary": "The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3432.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80933", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80961", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80963", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279", "reference_id": "683279", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843570", "reference_id": "843570", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843570" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-10.html", "reference_id": "XSA-10", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-10.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-3432" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ud2-yvae-zqf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106149?format=api", "vulnerability_id": "VCID-29qa-n5xd-bqdz", "summary": "Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1917.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1917.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22545", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22628", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22613", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=950668", "reference_id": "950668", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=950668" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-44.html", "reference_id": "XSA-44", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-44.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1917" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29qa-n5xd-bqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106141?format=api", "vulnerability_id": "VCID-2qj8-gztm-qydx", "summary": "The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0151.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31552", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3162", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31585", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0151" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=893144", "reference_id": "893144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893144" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-34.html", "reference_id": "XSA-34", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-34.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-0151" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qj8-gztm-qydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106118?format=api", "vulnerability_id": "VCID-3d6h-9r6r-7ydv", "summary": "Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka \"Grant table hypercall infinite loop DoS vulnerability.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4539.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22538", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22622", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22607", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870110", "reference_id": "870110", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870110" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-24.html", "reference_id": "XSA-24", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-24.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4539" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6h-9r6r-7ydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106142?format=api", "vulnerability_id": "VCID-4244-bkjk-5qe5", "summary": "Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0152.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16921", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16916", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=893144", "reference_id": "893144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893144" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-35.html", "reference_id": "XSA-35", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-35.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-0152" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4244-bkjk-5qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106162?format=api", "vulnerability_id": "VCID-4maf-w421-bfha", "summary": "The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2211.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46221", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46288", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4629", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=971503", "reference_id": "971503", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971503" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-57.html", "reference_id": "XSA-57", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-57.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2211" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4maf-w421-bfha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106121?format=api", "vulnerability_id": "VCID-5fnu-s671-67a8", "summary": "Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5511.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26034", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26137", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26131", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877365", "reference_id": "877365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877365" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-27.html", "reference_id": "XSA-27", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-27.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5511" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5fnu-s671-67a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99083?format=api", "vulnerability_id": "VCID-6crp-yd3p-5qem", "summary": "qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1922.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2342", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23502", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23489", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705544", "reference_id": "705544", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=923219", "reference_id": "923219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923219" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-48.html", "reference_id": "XSA-48", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-48.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1922" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6crp-yd3p-5qem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106088?format=api", "vulnerability_id": "VCID-6mzq-8k9j-dkfd", "summary": "Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2901.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30391", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30464", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30431", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2901" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=728042", "reference_id": "728042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=728042" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1212", "reference_id": "RHSA-2011:1212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1813", "reference_id": "RHSA-2011:1813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1813" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-4.html", "reference_id": "XSA-4", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-4.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2011-2901" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mzq-8k9j-dkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106125?format=api", "vulnerability_id": "VCID-6pnc-8hbd-y3ds", "summary": "The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5513.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34224", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3424", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877391", "reference_id": "877391", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877391" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1540", "reference_id": "RHSA-2012:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1540" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-29.html", "reference_id": "XSA-29", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-29.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5513" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pnc-8hbd-y3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106147?format=api", "vulnerability_id": "VCID-78km-zngh-1uaj", "summary": "Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1432.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61658", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61706", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61714", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974250", "reference_id": "974250", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974250" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-58.html", "reference_id": "XSA-58", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-58.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1432" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78km-zngh-1uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106137?format=api", "vulnerability_id": "VCID-7td2-sf5w-ybc7", "summary": "The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6035.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28397", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28469", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28428", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6035" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6035" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7td2-sf5w-ybc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106107?format=api", "vulnerability_id": "VCID-8hcx-xfvm-2ue2", "summary": "(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3497.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28387", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2846", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28419", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-15.html", "reference_id": "XSA-15", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3497" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hcx-xfvm-2ue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106126?format=api", "vulnerability_id": "VCID-8jnb-jcph-ekfx", "summary": "The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21456", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21537", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21524", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877393", "reference_id": "877393", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877393" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-30.html", "reference_id": "XSA-30", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-30.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5514" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8jnb-jcph-ekfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106113?format=api", "vulnerability_id": "VCID-8kq1-rskm-afez", "summary": "Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an \"inappropriate deadline.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4535.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28166", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28237", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28187", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870086", "reference_id": "870086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870086" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1540", "reference_id": "RHSA-2012:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1540" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-20.html", "reference_id": "XSA-20", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-20.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4535" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kq1-rskm-afez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106120?format=api", "vulnerability_id": "VCID-8sea-h58p-sucn", "summary": "Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5510.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25887", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25989", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25982", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5510" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877358", "reference_id": "877358", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877358" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-26.html", "reference_id": "XSA-26", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-26.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5510" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sea-h58p-sucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106116?format=api", "vulnerability_id": "VCID-93cc-vcu3-3qct", "summary": "Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka \"Memory mapping failure DoS vulnerability.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4537.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28166", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28237", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28187", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870101", "reference_id": "870101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870101" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1540", "reference_id": "RHSA-2012:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1540" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-22.html", "reference_id": "XSA-22", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-22.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4537" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93cc-vcu3-3qct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106153?format=api", "vulnerability_id": "VCID-9592-x9wu-mycz", "summary": "Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1952.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1952.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21905", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21987", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21973", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1952" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=956309", "reference_id": "956309", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956309" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-49.html", "reference_id": "XSA-49", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-49.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1952" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9592-x9wu-mycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106099?format=api", "vulnerability_id": "VCID-968m-gch4-b3bg", "summary": "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2934.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37671", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37762", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37766", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2934" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=824966", "reference_id": "824966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=824966" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0721", "reference_id": "RHSA-2012:0721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0721" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-9.html", "reference_id": "XSA-9", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-9.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-2934" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-968m-gch4-b3bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106160?format=api", "vulnerability_id": "VCID-99jr-xuhp-k3fx", "summary": "The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to \"pointer dereferences\" involving unexpected calculations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2195.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12167", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12165", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631", "reference_id": "970631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-55.html", "reference_id": "XSA-55", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-55.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2195" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99jr-xuhp-k3fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106157?format=api", "vulnerability_id": "VCID-a91z-faxn-jqaf", "summary": "Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30391", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30464", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30431", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=964261", "reference_id": "964261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964261" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-53.html", "reference_id": "XSA-53", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-53.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2077" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a91z-faxn-jqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106143?format=api", "vulnerability_id": "VCID-ab6j-q2j7-y7fc", "summary": "The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0153.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30368", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30443", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3041", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=910903", "reference_id": "910903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=910903" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0847", "reference_id": "RHSA-2013:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0847" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-36.html", "reference_id": "XSA-36", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-36.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-0153" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ab6j-q2j7-y7fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106130?format=api", "vulnerability_id": "VCID-atsw-3rsv-wbh6", "summary": "Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5634.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5634.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58711", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58757", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58763", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=886959", "reference_id": "886959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=886959" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-33.html", "reference_id": "XSA-33", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-33.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5634" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atsw-3rsv-wbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106159?format=api", "vulnerability_id": "VCID-aw2k-q233-4uep", "summary": "Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2194.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12167", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12165", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631", "reference_id": "970631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-55.html", "reference_id": "XSA-55", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-55.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2194" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aw2k-q233-4uep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106144?format=api", "vulnerability_id": "VCID-bh2g-qv1e-7fdh", "summary": "The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0154.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22298", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22383", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22371", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0154" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892647", "reference_id": "892647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892647" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-37.html", "reference_id": "XSA-37", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-37.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-0154" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bh2g-qv1e-7fdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106154?format=api", "vulnerability_id": "VCID-c4dv-qjd3-sud1", "summary": "Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22901", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22983", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22968", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=953632", "reference_id": "953632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953632" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-50.html", "reference_id": "XSA-50", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-50.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1964" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4dv-qjd3-sud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99081?format=api", "vulnerability_id": "VCID-c61e-4uev-xket", "summary": "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3515.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27324", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27393", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27343", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851252", "reference_id": "851252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851252" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1233", "reference_id": "RHSA-2012:1233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1234", "reference_id": "RHSA-2012:1234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1235", "reference_id": "RHSA-2012:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1236", "reference_id": "RHSA-2012:1236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1325", "reference_id": "RHSA-2012:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1325" }, { "reference_url": "https://usn.ubuntu.com/1590-1/", "reference_id": "USN-1590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1590-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-17.html", "reference_id": "XSA-17", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-17.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3515" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c61e-4uev-xket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106117?format=api", "vulnerability_id": "VCID-ceuu-4hjd-7qfx", "summary": "The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4538.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4538.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1716", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17156", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870106", "reference_id": "870106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870106" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-23.html", "reference_id": "XSA-23", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-23.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4538" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ceuu-4hjd-7qfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106158?format=api", "vulnerability_id": "VCID-cqwg-b9mw-5bdm", "summary": "Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1755", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17629", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17623", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=964264", "reference_id": "964264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964264" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-54.html", "reference_id": "XSA-54", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-54.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2078" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqwg-b9mw-5bdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106106?format=api", "vulnerability_id": "VCID-dwmv-fd24-93by", "summary": "XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3496.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26093", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26197", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26189", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3496" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851172", "reference_id": "851172", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851172" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-14.html", "reference_id": "XSA-14", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3496" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwmv-fd24-93by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106094?format=api", "vulnerability_id": "VCID-f1ff-gy8h-4ben", "summary": "The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0217.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88004", "scoring_system": "epss", "scoring_elements": "0.99498", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.88004", "scoring_system": "epss", "scoring_elements": "0.99499", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428", "reference_id": "813428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/freebsd_x86-64/local/46508.rb", "reference_id": "CVE-2012-0217", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/freebsd_x86-64/local/46508.rb" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/468679f9074ee4a7de7624d3440ff6e7f65cf9c2/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb", "reference_id": "CVE-2012-0217", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/468679f9074ee4a7de7624d3440ff6e7f65cf9c2/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb" }, { "reference_url": "http://packetstormsecurity.org/files/115908/sysret.rar", "reference_id": "CVE-2012-0217;OSVDB-82850;MS12-042", "reference_type": "exploit", "scores": [], "url": "http://packetstormsecurity.org/files/115908/sysret.rar" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86-64/local/20861.txt", "reference_id": "CVE-2012-0217;OSVDB-82850;MS12-042", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86-64/local/20861.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/freebsd/local/28718.c", "reference_id": "CVE-2012-0217;OSVDB-82949", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/freebsd/local/28718.c" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0720", "reference_id": "RHSA-2012:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0721", "reference_id": "RHSA-2012:0721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0721" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-7.html", "reference_id": "XSA-7", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-7.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-0217" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1ff-gy8h-4ben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106152?format=api", "vulnerability_id": "VCID-fe56-4226-77ev", "summary": "Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running \"under memory pressure\" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1920.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1920.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20037", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20031", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1920" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=950097", "reference_id": "950097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=950097" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-47.html", "reference_id": "XSA-47", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-47.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1920" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fe56-4226-77ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106132?format=api", "vulnerability_id": "VCID-frp7-vf8h-6fcv", "summary": "The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the \"bad_copy error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6031.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6031.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18608", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18686", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18688", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6031" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frp7-vf8h-6fcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106112?format=api", "vulnerability_id": "VCID-gspa-sqcd-83e3", "summary": "The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4411.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4411.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22036", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2212", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22105", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4411" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=855140", "reference_id": "855140", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855140" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-19.html", "reference_id": "XSA-19", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-19.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4411" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gspa-sqcd-83e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106122?format=api", "vulnerability_id": "VCID-jd26-6a4y-e3bf", "summary": "Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5512.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24348", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24449", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24432", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5512" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877385", "reference_id": "877385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877385" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-28.html", "reference_id": "XSA-28", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-28.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5512" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jd26-6a4y-e3bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106146?format=api", "vulnerability_id": "VCID-kd1s-guad-qfbs", "summary": "oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28771", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28843", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28809", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=906323", "reference_id": "906323", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906323" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-38.html", "reference_id": "XSA-38", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-38.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-0215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kd1s-guad-qfbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106150?format=api", "vulnerability_id": "VCID-kkhz-hqgm-qyg4", "summary": "Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to \"deep page table traversal.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1918.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2663", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26734", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26723", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=956163", "reference_id": "956163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956163" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-45.html", "reference_id": "XSA-45", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-45.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1918" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkhz-hqgm-qyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106131?format=api", "vulnerability_id": "VCID-ktq4-y21k-qyf2", "summary": "The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to \"broken locking checks\" in an \"error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6030.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6030.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18674", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18677", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6030" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6030" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktq4-y21k-qyf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106136?format=api", "vulnerability_id": "VCID-mqvj-wu6y-c3hx", "summary": "The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 \"do not check incoming guest output buffer pointers,\" which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6034.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31647", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31717", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31684", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6034" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqvj-wu6y-c3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106139?format=api", "vulnerability_id": "VCID-muzp-19u5-2qhq", "summary": "The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6036.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6036.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31979", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31948", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6036" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6036" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-muzp-19u5-2qhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106096?format=api", "vulnerability_id": "VCID-n238-7sk9-buhf", "summary": "Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0218.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20568", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20641", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20629", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0218" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=813908", "reference_id": "813908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813908" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-8.html", "reference_id": "XSA-8", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-8.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-0218" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n238-7sk9-buhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106129?format=api", "vulnerability_id": "VCID-np9k-yvvs-fkht", "summary": "The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5525.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5525.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06889", "scoring_system": "epss", "scoring_elements": "0.91539", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06889", "scoring_system": "epss", "scoring_elements": "0.91552", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06889", "scoring_system": "epss", "scoring_elements": "0.91553", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5525" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877404", "reference_id": "877404", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877404" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-32.html", "reference_id": "XSA-32", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-32.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5525" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-np9k-yvvs-fkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106102?format=api", "vulnerability_id": "VCID-q1j7-878s-3ff4", "summary": "The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3494.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29197", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29266", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29234", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851139", "reference_id": "851139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851139" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-12.html", "reference_id": "XSA-12", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3494" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1j7-878s-3ff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106133?format=api", "vulnerability_id": "VCID-q1mv-gdfy-hfha", "summary": "Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6032.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28709", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28747", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6032" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1mv-gdfy-hfha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106128?format=api", "vulnerability_id": "VCID-qs39-fu65-kqdh", "summary": "The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5515.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33909", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34011", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34026", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877397", "reference_id": "877397", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877397" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0168", "reference_id": "RHSA-2013:0168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0168" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-31.html", "reference_id": "XSA-31", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-31.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-5515" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs39-fu65-kqdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106161?format=api", "vulnerability_id": "VCID-r13t-3x2c-y7es", "summary": "Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to \"other problems\" that are not CVE-2013-2194 or CVE-2013-2195.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12167", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12165", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631", "reference_id": "970631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-55.html", "reference_id": "XSA-55", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-55.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2196" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r13t-3x2c-y7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106104?format=api", "vulnerability_id": "VCID-scrz-m4nx-mkcr", "summary": "The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3495.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23805", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23899", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23883", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851165", "reference_id": "851165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851165" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-13.html", "reference_id": "XSA-13", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-13.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3495" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scrz-m4nx-mkcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99082?format=api", "vulnerability_id": "VCID-shjy-4hkk-5kfr", "summary": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07525", "scoring_system": "epss", "scoring_elements": "0.91953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07525", "scoring_system": "epss", "scoring_elements": "0.91965", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07525", "scoring_system": "epss", "scoring_elements": "0.91966", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051", "reference_id": "696051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301", "reference_id": "889301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0599", "reference_id": "RHSA-2013:0599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0608", "reference_id": "RHSA-2013:0608", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0609", "reference_id": "RHSA-2013:0609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0610", "reference_id": "RHSA-2013:0610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0636", "reference_id": "RHSA-2013:0636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0639", "reference_id": "RHSA-2013:0639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0639" }, { "reference_url": "https://usn.ubuntu.com/1692-1/", "reference_id": "USN-1692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1692-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-41.html", "reference_id": "XSA-41", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-41.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-6075" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shjy-4hkk-5kfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106151?format=api", "vulnerability_id": "VCID-smar-r9kd-b3es", "summary": "Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to \"passed-through IRQs or PCI devices.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1919.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26475", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26577", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26567", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=950686", "reference_id": "950686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=950686" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-46.html", "reference_id": "XSA-46", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-46.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-1919" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smar-r9kd-b3es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106108?format=api", "vulnerability_id": "VCID-vv5t-yn1y-kkfn", "summary": "PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3498.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21107", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21094", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851193", "reference_id": "851193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851193" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-16.html", "reference_id": "XSA-16", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-16.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3498" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vv5t-yn1y-kkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106101?format=api", "vulnerability_id": "VCID-wa9s-z3fz-bfbt", "summary": "Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3433.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22654", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22737", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22722", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3433" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279", "reference_id": "683279", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843582", "reference_id": "843582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843582" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-11.html", "reference_id": "XSA-11", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-11.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2012-3433" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wa9s-z3fz-bfbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106091?format=api", "vulnerability_id": "VCID-wajv-7ne6-wqga", "summary": "tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3262.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3262.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26496", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26598", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26588", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=696927", "reference_id": "696927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696927" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0496", "reference_id": "RHSA-2011:0496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0496" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2011-3262" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wajv-7ne6-wqga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106156?format=api", "vulnerability_id": "VCID-z9vg-mtyu-xydw", "summary": "Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2076.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25969", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26072", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26066", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=964259", "reference_id": "964259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=964259" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-52.html", "reference_id": "XSA-52", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-52.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" } ], "aliases": [ "CVE-2013-2076" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9vg-mtyu-xydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106115?format=api", "vulnerability_id": "VCID-zxg4-754a-gfhd", "summary": "The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4536.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24261", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24361", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24342", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870096", "reference_id": "870096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870096" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-21.html", "reference_id": "XSA-21", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-21.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4536" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxg4-754a-gfhd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }