Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/320555?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "type": "apk", "namespace": "alpine", "name": "xen", "version": "4.11.1-r0", "qualifiers": { "arch": "armv7", "distroversion": "v3.9", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.11.1-r2", "latest_non_vulnerable_version": "4.11.4-r2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106354?format=api", "vulnerability_id": "VCID-47em-hxbk-jye7", "summary": "An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38167", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38258", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643116", "reference_id": "1643116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643116" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-278.html", "reference_id": "XSA-278", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-278.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-18883", "XSA-278" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47em-hxbk-jye7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106360?format=api", "vulnerability_id": "VCID-77s9-h9s5-jqg8", "summary": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39286", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39375", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3938", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647588", "reference_id": "1647588", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647588" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-279.html", "reference_id": "XSA-279", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-279.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-19965", "XSA-279" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77s9-h9s5-jqg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106358?format=api", "vulnerability_id": "VCID-g8xv-up2a-8kek", "summary": "An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16275", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16357", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16356", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19963" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652231", "reference_id": "1652231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652231" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-276.html", "reference_id": "XSA-276", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-276.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-19963", "XSA-276" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8xv-up2a-8kek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106361?format=api", "vulnerability_id": "VCID-j8n3-djnz-g7f3", "summary": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19966.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31059", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31124", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31091", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652235", "reference_id": "1652235", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652235" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-280.html", "reference_id": "XSA-280", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-280.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-19966", "XSA-280" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8n3-djnz-g7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106359?format=api", "vulnerability_id": "VCID-mck5-6qme-mbgz", "summary": "An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19964.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31122", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31189", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31156", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19964" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652227", "reference_id": "1652227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652227" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-277.html", "reference_id": "XSA-277", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-277.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-19964", "XSA-277" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mck5-6qme-mbgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106357?format=api", "vulnerability_id": "VCID-mxev-xz4c-4kft", "summary": "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39468", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39555", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39559", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647573", "reference_id": "1647573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647573" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-275.html", "reference_id": "XSA-275", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-275.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-19962", "XSA-275" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxev-xz4c-4kft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106352?format=api", "vulnerability_id": "VCID-ryde-cb98-ukgq", "summary": "An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15469.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.3968", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39766", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39769", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610543", "reference_id": "1610543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610543" }, { "reference_url": "https://security.gentoo.org/glsa/201810-06", "reference_id": "GLSA-201810-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-06" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-268.html", "reference_id": "XSA-268", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-268.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-15469", "XSA-268" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryde-cb98-ukgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106351?format=api", "vulnerability_id": "VCID-t28t-5yyv-qyag", "summary": "An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15468.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29827", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2979", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610548", "reference_id": "1610548", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610548" }, { "reference_url": "https://security.gentoo.org/glsa/201810-06", "reference_id": "GLSA-201810-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-06" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-269.html", "reference_id": "XSA-269", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-269.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-15468", "XSA-269" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t28t-5yyv-qyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106362?format=api", "vulnerability_id": "VCID-xsax-bkka-pfah", "summary": "An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19967.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22008", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22091", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22077", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19967" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660493", "reference_id": "1660493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660493" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-282.html", "reference_id": "XSA-282", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-282.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/320555?format=api", "purl": "pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" } ], "aliases": [ "CVE-2018-19967", "XSA-282" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsax-bkka-pfah" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main" }