Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/194752?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "type": "ebuild", "namespace": "app-emulation", "name": "xen-pvgrub", "version": "4.6.0-r9", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.7.1-r1", "latest_non_vulnerable_version": "4.7.2-r1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99151?format=api", "vulnerability_id": "VCID-1h7w-s59u-dkbc", "summary": "QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4106.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4106.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24638", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223859", "reference_id": "1223859", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223859" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547", "reference_id": "787547", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-131.html", "reference_id": "XSA-131", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-131.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-4106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1h7w-s59u-dkbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106134?format=api", "vulnerability_id": "VCID-1hyu-e9tj-t3bx", "summary": "The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6033.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21704", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6033" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6033" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hyu-e9tj-t3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106253?format=api", "vulnerability_id": "VCID-1x7p-bz5v-1qhq", "summary": "The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8339.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8339.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2663", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8339" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284919", "reference_id": "1284919", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284919" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-159.html", "reference_id": "XSA-159", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-159.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8339" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1x7p-bz5v-1qhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106118?format=api", "vulnerability_id": "VCID-3d6h-9r6r-7ydv", "summary": "Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka \"Grant table hypercall infinite loop DoS vulnerability.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4539.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22538", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870110", "reference_id": "870110", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870110" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-24.html", "reference_id": "XSA-24", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-24.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4539" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6h-9r6r-7ydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95555?format=api", "vulnerability_id": "VCID-4u9s-egzq-nkfh", "summary": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7871.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83579", "scoring_system": "epss", "scoring_elements": "0.99299", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265", "reference_id": "1274265", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://security.gentoo.org/glsa/201607-15", "reference_id": "GLSA-201607-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7871" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u9s-egzq-nkfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99165?format=api", "vulnerability_id": "VCID-5bv8-re3s-7kg8", "summary": "Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7504.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00466", "scoring_system": "epss", "scoring_elements": "0.64745", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261461", "reference_id": "1261461", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261461" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806742", "reference_id": "806742", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806742" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2694", "reference_id": "RHSA-2015:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2695", "reference_id": "RHSA-2015:2695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2696", "reference_id": "RHSA-2015:2696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2696" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-162.html", "reference_id": "XSA-162", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-162.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7504" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bv8-re3s-7kg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99145?format=api", "vulnerability_id": "VCID-5e41-v564-xub1", "summary": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18024", "scoring_system": "epss", "scoring_elements": "0.95288", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225882", "reference_id": "1225882", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225882" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460", "reference_id": "788460", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460" }, { "reference_url": "https://security.gentoo.org/glsa/201510-02", "reference_id": "GLSA-201510-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201510-02" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1087", "reference_id": "RHSA-2015:1087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1088", "reference_id": "RHSA-2015:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1089", "reference_id": "RHSA-2015:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1189", "reference_id": "RHSA-2015:1189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1189" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-135.html", "reference_id": "XSA-135", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-135.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-3209" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5e41-v564-xub1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99149?format=api", "vulnerability_id": "VCID-5y2g-8eny-ekd6", "summary": "Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4104.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4104.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08429", "scoring_system": "epss", "scoring_elements": "0.92482", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223851", "reference_id": "1223851", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223851" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547", "reference_id": "787547", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-129.html", "reference_id": "XSA-129", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-129.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-4104" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5y2g-8eny-ekd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106137?format=api", "vulnerability_id": "VCID-7td2-sf5w-ybc7", "summary": "The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6035.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28397", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6035" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6035" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7td2-sf5w-ybc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106107?format=api", "vulnerability_id": "VCID-8hcx-xfvm-2ue2", "summary": "(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3497.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28387", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-15.html", "reference_id": "XSA-15", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3497" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hcx-xfvm-2ue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78892?format=api", "vulnerability_id": "VCID-8k1m-9p6x-4fhj", "summary": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8552.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40622", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289128", "reference_id": "1289128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289128" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-157.html", "reference_id": "XSA-157", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-157.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8552" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k1m-9p6x-4fhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106113?format=api", "vulnerability_id": "VCID-8kq1-rskm-afez", "summary": "Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an \"inappropriate deadline.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4535.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28166", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870086", "reference_id": "870086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870086" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1540", "reference_id": "RHSA-2012:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1540" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-20.html", "reference_id": "XSA-20", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-20.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4535" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kq1-rskm-afez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106241?format=api", "vulnerability_id": "VCID-8tg6-2qns-nkex", "summary": "The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4164.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22342", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226913", "reference_id": "1226913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226913" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721", "reference_id": "795721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-136.html", "reference_id": "XSA-136", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-136.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-4164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tg6-2qns-nkex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106257?format=api", "vulnerability_id": "VCID-8wt6-5dee-cfcd", "summary": "Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8555.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68362", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289130", "reference_id": "1289130", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289130" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-165.html", "reference_id": "XSA-165", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-165.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8555" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wt6-5dee-cfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106116?format=api", "vulnerability_id": "VCID-93cc-vcu3-3qct", "summary": "Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka \"Memory mapping failure DoS vulnerability.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4537.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28166", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870101", "reference_id": "870101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870101" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1540", "reference_id": "RHSA-2012:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1540" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-22.html", "reference_id": "XSA-22", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-22.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4537" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93cc-vcu3-3qct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99081?format=api", "vulnerability_id": "VCID-c61e-4uev-xket", "summary": "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3515.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27324", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3515" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851252", "reference_id": "851252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851252" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1233", "reference_id": "RHSA-2012:1233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1234", "reference_id": "RHSA-2012:1234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1235", "reference_id": "RHSA-2012:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1236", "reference_id": "RHSA-2012:1236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1325", "reference_id": "RHSA-2012:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1325" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-17.html", "reference_id": "XSA-17", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-17.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3515" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c61e-4uev-xket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106117?format=api", "vulnerability_id": "VCID-ceuu-4hjd-7qfx", "summary": "The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4538.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4538.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17084", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4538" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870106", "reference_id": "870106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870106" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-23.html", "reference_id": "XSA-23", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-23.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4538" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ceuu-4hjd-7qfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106106?format=api", "vulnerability_id": "VCID-dwmv-fd24-93by", "summary": "XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3496.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26093", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3496" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851172", "reference_id": "851172", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851172" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-14.html", "reference_id": "XSA-14", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-14.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3496" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwmv-fd24-93by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99150?format=api", "vulnerability_id": "VCID-fad8-awfx-yqfp", "summary": "Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4105.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30731", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223853", "reference_id": "1223853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223853" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547", "reference_id": "787547", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-130.html", "reference_id": "XSA-130", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-130.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-4105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fad8-awfx-yqfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106132?format=api", "vulnerability_id": "VCID-frp7-vf8h-6fcv", "summary": "The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the \"bad_copy error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6031.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6031.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18608", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6031" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frp7-vf8h-6fcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106236?format=api", "vulnerability_id": "VCID-fuwh-rr8p-vybh", "summary": "Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3259.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17812", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3259" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238088", "reference_id": "1238088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721", "reference_id": "795721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-137.html", "reference_id": "XSA-137", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-137.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-3259" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fuwh-rr8p-vybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106237?format=api", "vulnerability_id": "VCID-g1wg-e5kd-ykda", "summary": "Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3340.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70768", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214035", "reference_id": "1214035", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214035" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784011", "reference_id": "784011", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784011" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-132.html", "reference_id": "XSA-132", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-132.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-3340" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1wg-e5kd-ykda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106112?format=api", "vulnerability_id": "VCID-gspa-sqcd-83e3", "summary": "The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4411.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4411.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22036", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=855140", "reference_id": "855140", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855140" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-19.html", "reference_id": "XSA-19", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-19.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4411" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gspa-sqcd-83e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78891?format=api", "vulnerability_id": "VCID-jk3h-3xbk-qbcj", "summary": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8551.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8551.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22173", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289128", "reference_id": "1289128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289128" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-157.html", "reference_id": "XSA-157", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-157.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8551" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jk3h-3xbk-qbcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106251?format=api", "vulnerability_id": "VCID-jwgp-7zgd-h3cp", "summary": "The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to \"heavy memory pressure.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22104", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276120", "reference_id": "1276120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276120" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-153.html", "reference_id": "XSA-153", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-153.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwgp-7zgd-h3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99146?format=api", "vulnerability_id": "VCID-kn3g-4r4n-9fab", "summary": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19325", "scoring_system": "epss", "scoring_elements": "0.95492", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218611", "reference_id": "1218611", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218611" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424", "reference_id": "785424", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c", "reference_id": "CVE-2015-3456;OSVDB-122072", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c" }, { "reference_url": "https://marc.info/?l=oss-security&m=143155206320935&w=2", "reference_id": "CVE-2015-3456;OSVDB-122072", "reference_type": "exploit", "scores": [], "url": "https://marc.info/?l=oss-security&m=143155206320935&w=2" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0998", "reference_id": "RHSA-2015:0998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0999", "reference_id": "RHSA-2015:0999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0999" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1000", "reference_id": "RHSA-2015:1000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1001", "reference_id": "RHSA-2015:1001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1002", "reference_id": "RHSA-2015:1002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1003", "reference_id": "RHSA-2015:1003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1004", "reference_id": "RHSA-2015:1004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1011", "reference_id": "RHSA-2015:1011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1031", "reference_id": "RHSA-2015:1031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1031" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-133.html", "reference_id": "XSA-133", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-133.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-3456" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kn3g-4r4n-9fab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99148?format=api", "vulnerability_id": "VCID-krbw-dq3h-fya7", "summary": "Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4103.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4103.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30731", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223846", "reference_id": "1223846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223846" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547", "reference_id": "787547", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-128.html", "reference_id": "XSA-128", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-128.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-4103" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krbw-dq3h-fya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106131?format=api", "vulnerability_id": "VCID-ktq4-y21k-qyf2", "summary": "The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to \"broken locking checks\" in an \"error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6030.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6030.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18596", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6030" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6030" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktq4-y21k-qyf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106136?format=api", "vulnerability_id": "VCID-mqvj-wu6y-c3hx", "summary": "The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 \"do not check incoming guest output buffer pointers,\" which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6034.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31647", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6034" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqvj-wu6y-c3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99152?format=api", "vulnerability_id": "VCID-mtyw-7hrb-jyha", "summary": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5154.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.60187", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5154" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243563", "reference_id": "1243563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243563" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811", "reference_id": "793811", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811" }, { "reference_url": "https://security.gentoo.org/glsa/201510-02", "reference_id": "GLSA-201510-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201510-02" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1507", "reference_id": "RHSA-2015:1507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1508", "reference_id": "RHSA-2015:1508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1512", "reference_id": "RHSA-2015:1512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1512" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-138.html", "reference_id": "XSA-138", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-138.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-5154" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtyw-7hrb-jyha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106139?format=api", "vulnerability_id": "VCID-muzp-19u5-2qhq", "summary": "The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6036.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6036.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31906", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6036" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6036" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-muzp-19u5-2qhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106248?format=api", "vulnerability_id": "VCID-mz2m-xffe-a7a1", "summary": "Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of \"teardowns\" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1761", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7969" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272519", "reference_id": "1272519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272519" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-149.html", "reference_id": "XSA-149", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-149.html" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-151.html", "reference_id": "XSA-151", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-151.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7969" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mz2m-xffe-a7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106256?format=api", "vulnerability_id": "VCID-nmwp-yn17-uqed", "summary": "Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a \"write path.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8554.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19248", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8554" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289129", "reference_id": "1289129", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289129" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-164.html", "reference_id": "XSA-164", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-164.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8554" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmwp-yn17-uqed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106247?format=api", "vulnerability_id": "VCID-pa4v-zfya-gbb6", "summary": "The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26488", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271971", "reference_id": "1271971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271971" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-148.html", "reference_id": "XSA-148", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-148.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pa4v-zfya-gbb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106246?format=api", "vulnerability_id": "VCID-pwk6-6gke-8fej", "summary": "Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7814.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17535", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7814" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271630", "reference_id": "1271630", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271630" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-147.html", "reference_id": "XSA-147", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-147.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7814" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwk6-6gke-8fej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106102?format=api", "vulnerability_id": "VCID-q1j7-878s-3ff4", "summary": "The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3494.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29197", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3494" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851139", "reference_id": "851139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851139" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-12.html", "reference_id": "XSA-12", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3494" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1j7-878s-3ff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106133?format=api", "vulnerability_id": "VCID-q1mv-gdfy-hfha", "summary": "Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6032.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28709", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6032" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-6032" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1mv-gdfy-hfha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106265?format=api", "vulnerability_id": "VCID-rujz-dyx2-xfhw", "summary": "Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2270.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304627", "reference_id": "1304627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304627" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-154.html", "reference_id": "XSA-154", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-154.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2016-2270" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rujz-dyx2-xfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106245?format=api", "vulnerability_id": "VCID-s3t8-rwfb-ybec", "summary": "Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7813.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22891", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7813" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271626", "reference_id": "1271626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271626" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-146.html", "reference_id": "XSA-146", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-146.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7813" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3t8-rwfb-ybec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106104?format=api", "vulnerability_id": "VCID-scrz-m4nx-mkcr", "summary": "The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3495.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23805", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3495" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851165", "reference_id": "851165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851165" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-13.html", "reference_id": "XSA-13", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-13.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3495" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scrz-m4nx-mkcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106254?format=api", "vulnerability_id": "VCID-v4p6-uxvz-vqhq", "summary": "The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8340.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22219", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284919", "reference_id": "1284919", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284919" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-159.html", "reference_id": "XSA-159", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-159.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8340" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4p6-uxvz-vqhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106108?format=api", "vulnerability_id": "VCID-vv5t-yn1y-kkfn", "summary": "PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3498.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21024", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3498" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764", "reference_id": "686764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851193", "reference_id": "851193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851193" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-16.html", "reference_id": "XSA-16", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-16.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-3498" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vv5t-yn1y-kkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78890?format=api", "vulnerability_id": "VCID-wfr5-35rk-tud5", "summary": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8550.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15964", "scoring_system": "epss", "scoring_elements": "0.94887", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289125", "reference_id": "1289125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289125" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809229", "reference_id": "809229", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809229" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-155.html", "reference_id": "XSA-155", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-155.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8550" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfr5-35rk-tud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106255?format=api", "vulnerability_id": "VCID-wndv-393s-v3hj", "summary": "The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8341.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8341.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67932", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284933", "reference_id": "1284933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284933" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-160.html", "reference_id": "XSA-160", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-160.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-8341" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wndv-393s-v3hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106250?format=api", "vulnerability_id": "VCID-x6c3-u8aq-67g7", "summary": "Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21446", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272525", "reference_id": "1272525", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272525" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-152.html", "reference_id": "XSA-152", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-152.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6c3-u8aq-67g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106230?format=api", "vulnerability_id": "VCID-xewk-rbqw-hkeh", "summary": "The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2151.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.466", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2151" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196274", "reference_id": "1196274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196274" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227", "reference_id": "780227", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0450", "reference_id": "RHSA-2016:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0450" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-123.html", "reference_id": "XSA-123", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-123.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-2151" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xewk-rbqw-hkeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106240?format=api", "vulnerability_id": "VCID-xtxb-z38n-e3f5", "summary": "GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30665", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226290", "reference_id": "1226290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721", "reference_id": "795721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-134.html", "reference_id": "XSA-134", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-134.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-4163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtxb-z38n-e3f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106244?format=api", "vulnerability_id": "VCID-y77x-egqv-f3ab", "summary": "The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7812.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22797", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7812" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271621", "reference_id": "1271621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271621" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-145.html", "reference_id": "XSA-145", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-145.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7812" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y77x-egqv-f3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106266?format=api", "vulnerability_id": "VCID-yn5e-mtph-c7b4", "summary": "VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2271.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20652", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304628", "reference_id": "1304628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304628" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-170.html", "reference_id": "XSA-170", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-170.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2016-2271" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5e-mtph-c7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106249?format=api", "vulnerability_id": "VCID-ys5x-t9na-jbfn", "summary": "The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a \"time-consuming linear scan,\" related to Populate-on-Demand.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22021", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272529", "reference_id": "1272529", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272529" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-150.html", "reference_id": "XSA-150", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-150.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ys5x-t9na-jbfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106115?format=api", "vulnerability_id": "VCID-zxg4-754a-gfhd", "summary": "The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4536.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24261", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=870096", "reference_id": "870096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=870096" }, { "reference_url": "https://security.gentoo.org/glsa/201309-24", "reference_id": "GLSA-201309-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-24" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-21.html", "reference_id": "XSA-21", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-21.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190839?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/190840?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2012-4536" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxg4-754a-gfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106243?format=api", "vulnerability_id": "VCID-zzhd-u555-qybz", "summary": "libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7311.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20859", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265269", "reference_id": "1265269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265269" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620", "reference_id": "823620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-142.html", "reference_id": "XSA-142", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-142.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" } ], "aliases": [ "CVE-2015-7311" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzhd-u555-qybz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" }