Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main

Type apk

Namespace alpine

Name xen

Version 4.13.0-r0

Qualifiers

arch	ppc64le
distroversion	v3.12
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.13.0-r3

Latest_non_vulnerable_version 4.13.4-r3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-33sz-99zv-gybt

vulnerability_id VCID-33sz-99zv-gybt

summary An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19583.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19583.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19583

reference_id

reference_type

scores

value	0.02069
scoring_system	epss
scoring_elements	0.84256
published_at	2026-06-04T12:55:00Z

value	0.02069
scoring_system	epss
scoring_elements	0.8428
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19583

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1778171
reference_id	1778171
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1778171

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944
reference_id	947944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944

reference_url	https://security.gentoo.org/glsa/202003-56
reference_id	GLSA-202003-56
reference_type
scores
url	https://security.gentoo.org/glsa/202003-56

reference_url	https://xenbits.xen.org/xsa/advisory-308.html
reference_id	XSA-308
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-308.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2019-19583, XSA-308

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33sz-99zv-gybt

url VCID-5tu1-npgw-3qca

vulnerability_id VCID-5tu1-npgw-3qca

summary Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12207.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12207.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12207

reference_id

reference_type

scores

value	0.00262
scoring_system	epss
scoring_elements	0.49744
published_at	2026-06-04T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49807
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1646768
reference_id	1646768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1646768

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944
reference_id	947944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944

reference_url	https://security.gentoo.org/glsa/202003-56
reference_id	GLSA-202003-56
reference_type
scores
url	https://security.gentoo.org/glsa/202003-56

reference_url	https://access.redhat.com/errata/RHSA-2019:3832
reference_id	RHSA-2019:3832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3832

reference_url	https://access.redhat.com/errata/RHSA-2019:3833
reference_id	RHSA-2019:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3833

reference_url	https://access.redhat.com/errata/RHSA-2019:3834
reference_id	RHSA-2019:3834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3834

reference_url	https://access.redhat.com/errata/RHSA-2019:3835
reference_id	RHSA-2019:3835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3835

reference_url	https://access.redhat.com/errata/RHSA-2019:3836
reference_id	RHSA-2019:3836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3836

reference_url	https://access.redhat.com/errata/RHSA-2019:3837
reference_id	RHSA-2019:3837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3837

reference_url	https://access.redhat.com/errata/RHSA-2019:3838
reference_id	RHSA-2019:3838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3838

reference_url	https://access.redhat.com/errata/RHSA-2019:3839
reference_id	RHSA-2019:3839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3839

reference_url	https://access.redhat.com/errata/RHSA-2019:3840
reference_id	RHSA-2019:3840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3840

reference_url	https://access.redhat.com/errata/RHSA-2019:3841
reference_id	RHSA-2019:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3841

reference_url	https://access.redhat.com/errata/RHSA-2019:3842
reference_id	RHSA-2019:3842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3842

reference_url	https://access.redhat.com/errata/RHSA-2019:3843
reference_id	RHSA-2019:3843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3843

reference_url	https://access.redhat.com/errata/RHSA-2019:3844
reference_id	RHSA-2019:3844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3844

reference_url	https://access.redhat.com/errata/RHSA-2019:3860
reference_id	RHSA-2019:3860
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3860

reference_url	https://access.redhat.com/errata/RHSA-2019:3916
reference_id	RHSA-2019:3916
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3916

reference_url	https://access.redhat.com/errata/RHSA-2019:3936
reference_id	RHSA-2019:3936
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3936

reference_url	https://access.redhat.com/errata/RHSA-2019:3941
reference_id	RHSA-2019:3941
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3941

reference_url	https://access.redhat.com/errata/RHSA-2020:0026
reference_id	RHSA-2020:0026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0026

reference_url	https://access.redhat.com/errata/RHSA-2020:0028
reference_id	RHSA-2020:0028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0028

reference_url	https://access.redhat.com/errata/RHSA-2020:0204
reference_id	RHSA-2020:0204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0204

reference_url	https://usn.ubuntu.com/4183-1/
reference_id	USN-4183-1
reference_type
scores
url	https://usn.ubuntu.com/4183-1/

reference_url	https://usn.ubuntu.com/4184-1/
reference_id	USN-4184-1
reference_type
scores
url	https://usn.ubuntu.com/4184-1/

reference_url	https://usn.ubuntu.com/4185-1/
reference_id	USN-4185-1
reference_type
scores
url	https://usn.ubuntu.com/4185-1/

reference_url	https://usn.ubuntu.com/4185-2/
reference_id	USN-4185-2
reference_type
scores
url	https://usn.ubuntu.com/4185-2/

reference_url	https://xenbits.xen.org/xsa/advisory-304.html
reference_id	XSA-304
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-304.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2018-12207, XSA-304

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tu1-npgw-3qca

url VCID-gnx3-uqq5-sfb1

vulnerability_id VCID-gnx3-uqq5-sfb1

summary An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19577.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19577

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.30949
published_at	2026-06-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31015
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1778194
reference_id	1778194
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1778194

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944
reference_id	947944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944

reference_url	https://security.gentoo.org/glsa/202003-56
reference_id	GLSA-202003-56
reference_type
scores
url	https://security.gentoo.org/glsa/202003-56

reference_url	https://xenbits.xen.org/xsa/advisory-311.html
reference_id	XSA-311
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-311.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2019-19577, XSA-311

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnx3-uqq5-sfb1

url VCID-tf48-tz1z-7bd8

vulnerability_id VCID-tf48-tz1z-7bd8

summary An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19582.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19582

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.28594
published_at	2026-06-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28667
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1778191
reference_id	1778191
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1778191

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944
reference_id	947944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944

reference_url	https://security.gentoo.org/glsa/202003-56
reference_id	GLSA-202003-56
reference_type
scores
url	https://security.gentoo.org/glsa/202003-56

reference_url	https://xenbits.xen.org/xsa/advisory-307.html
reference_id	XSA-307
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-307.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2019-19582, XSA-307

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tf48-tz1z-7bd8

url VCID-yvvz-9ekb-ebg4

vulnerability_id VCID-yvvz-9ekb-ebg4

summary An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18422.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18422.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18422

reference_id

reference_type

scores

value	0.03469
scoring_system	epss
scoring_elements	0.87757
published_at	2026-06-04T12:55:00Z

value	0.03469
scoring_system	epss
scoring_elements	0.87779
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19580

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19583

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1771442
reference_id	1771442
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1771442

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944
reference_id	947944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944

reference_url	https://xenbits.xen.org/xsa/advisory-303.html
reference_id	XSA-303
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-303.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r0?arch=ppc64le&distroversion=v3.12&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

aliases CVE-2019-18422, XSA-303

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yvvz-9ekb-ebg4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r0%3Farch=ppc64le&distroversion=v3.12&reponame=main

Package Instance