Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/994614?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "type": "deb", "namespace": "debian", "name": "qemu", "version": "1:7.2+dfsg-7+deb12u18", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:10.0.2+ds-2+deb13u1~bpo12+1", "latest_non_vulnerable_version": "1:11.0.0+ds-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354144?format=api", "vulnerability_id": "VCID-46gg-8h8g-2kf5", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5763" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077793?format=api", "purl": "pkg:deb/debian/qemu@1:11.0.0%2Bds-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:11.0.0%252Bds-1" } ], "aliases": [ "CVE-2026-5763" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46gg-8h8g-2kf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354133?format=api", "vulnerability_id": "VCID-4mt9-kf9m-2fbz", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3890" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077793?format=api", "purl": "pkg:deb/debian/qemu@1:11.0.0%2Bds-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:11.0.0%252Bds-1" } ], "aliases": [ "CVE-2026-3890" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mt9-kf9m-2fbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66051?format=api", "vulnerability_id": "VCID-hkf8-96k7-kuc9", "summary": "qemu-kvm: Unbounded allocation in virtio-crypto", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14876", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00379", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00377", "published_at": "2026-04-24T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00378", "published_at": "2026-04-26T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00356", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00523", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00556", "published_at": "2026-04-29T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00539", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0053", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00524", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00526", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123670", "reference_id": "1123670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423549", "reference_id": "2423549", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T14:32:44Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423549" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14876", "reference_id": "CVE-2025-14876", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T14:32:44Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14876" }, { "reference_url": "https://usn.ubuntu.com/8073-1/", "reference_id": "USN-8073-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8073-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" } ], "aliases": [ "CVE-2025-14876" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkf8-96k7-kuc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64655?format=api", "vulnerability_id": "VCID-m47q-17n6-t7gg", "summary": "qemu-kvm: Heap buffer out-of-bounds read in VMDK compressed grain parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2243.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2243.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04546", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04486", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04623", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.047", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04536", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04521", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04506", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04477", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05062", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2243" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128478", "reference_id": "1128478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440934", "reference_id": "2440934", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T20:23:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440934" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2243", "reference_id": "CVE-2026-2243", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T20:23:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2243" }, { "reference_url": "https://usn.ubuntu.com/8161-1/", "reference_id": "USN-8161-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8161-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994676?format=api", "purl": "pkg:deb/debian/qemu@1:10.2.2%2Bds-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j9f-u62h-rug2" }, { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-n9n4-prkb-f3c6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.2.2%252Bds-1" } ], "aliases": [ "CVE-2026-2243" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m47q-17n6-t7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74119?format=api", "vulnerability_id": "VCID-n71j-fz74-kyhf", "summary": "qemu-kvm: usb: assertion failure in usb_ep_get()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13599", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13712", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13722", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13691", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13714", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13847", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1378", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13732", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13639", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8354" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082377", "reference_id": "1082377", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313497", "reference_id": "2313497", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T13:38:43Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313497" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8354", "reference_id": "CVE-2024-8354", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T13:38:43Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8354" }, { "reference_url": "https://usn.ubuntu.com/7744-1/", "reference_id": "USN-7744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7744-1/" }, { "reference_url": "https://usn.ubuntu.com/8073-1/", "reference_id": "USN-8073-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8073-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994676?format=api", "purl": "pkg:deb/debian/qemu@1:10.2.2%2Bds-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j9f-u62h-rug2" }, { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-n9n4-prkb-f3c6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.2.2%252Bds-1" } ], "aliases": [ "CVE-2024-8354" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n71j-fz74-kyhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74993?format=api", "vulnerability_id": "VCID-t58m-9jqp-43c9", "summary": "qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7730.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7730.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07997", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08044", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11332", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11495", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11447", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11407", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11421", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11507", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11541", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11515", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11373", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11372", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7730" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304289", "reference_id": "2304289", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T18:55:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304289" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7730", "reference_id": "CVE-2024-7730", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T18:55:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7730" }, { "reference_url": "https://usn.ubuntu.com/7094-1/", "reference_id": "USN-7094-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7094-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" } ], "aliases": [ "CVE-2024-7730" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t58m-9jqp-43c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80572?format=api", "vulnerability_id": "VCID-uzxc-npak-yyc4", "summary": "QEMU: net: eepro100: stack overflow via infinite recursion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37716", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37897", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.3785", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37863", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37878", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37841", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37816", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39881", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39853", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39593", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39582", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42686", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20255" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930646", "reference_id": "1930646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984451", "reference_id": "984451", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984451" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" } ], "aliases": [ "CVE-2021-20255" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzxc-npak-yyc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349403?format=api", "vulnerability_id": "VCID-vcun-y6d5-6uby", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3842.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3842.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458150", "reference_id": "2458150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458150" }, { "reference_url": "https://usn.ubuntu.com/8161-1/", "reference_id": "USN-8161-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8161-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994615?format=api", "purl": "pkg:deb/debian/qemu@1:10.0.2%2Bds-2%2Bdeb13u1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.0.2%252Bds-2%252Bdeb13u1~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994676?format=api", "purl": "pkg:deb/debian/qemu@1:10.2.2%2Bds-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j9f-u62h-rug2" }, { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-n9n4-prkb-f3c6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:10.2.2%252Bds-1" } ], "aliases": [ "CVE-2026-3842" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcun-y6d5-6uby" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62359?format=api", "vulnerability_id": "VCID-3ew5-8dfe-u3d8", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18892", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19079", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19037", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19049", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19058", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18951", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18935", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19324", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19172", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19178", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1544" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034179", "reference_id": "1034179", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180364", "reference_id": "2180364", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:10:20Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180364" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-1544", "reference_id": "CVE-2023-1544", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:10:20Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-1544" }, { "reference_url": "https://security.gentoo.org/glsa/202408-18", "reference_id": "GLSA-202408-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-18" }, { "reference_url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html", "reference_id": "msg00206.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:10:20Z/" } ], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230511-0005/", "reference_id": "ntap-20230511-0005", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:10:20Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230511-0005/" }, { "reference_url": "https://usn.ubuntu.com/6567-1/", "reference_id": "USN-6567-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6567-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2023-1544" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ew5-8dfe-u3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75012?format=api", "vulnerability_id": "VCID-3kyg-9mf3-kfft", "summary": "qemu-kvm: 'qemu-img info' leads to host file read/write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4467.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16208", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16254", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1625", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17811", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17888", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17796", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1775", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18024", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4467" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075824", "reference_id": "1075824", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075824" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278875", "reference_id": "2278875", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278875" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8.2::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8.2::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8.4::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:container_native_virtualization:4", "reference_id": "cpe:/a:redhat:container_native_virtualization:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:container_native_virtualization:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4467", "reference_id": "CVE-2024-4467", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4276", "reference_id": "RHSA-2024:4276", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4277", "reference_id": "RHSA-2024:4277", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4278", "reference_id": "RHSA-2024:4278", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4372", "reference_id": "RHSA-2024:4372", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4373", "reference_id": "RHSA-2024:4373", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4374", "reference_id": "RHSA-2024:4374", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4420", "reference_id": "RHSA-2024:4420", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4724", "reference_id": "RHSA-2024:4724", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4727", "reference_id": "RHSA-2024:4727", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T18:05:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4727" }, { "reference_url": "https://usn.ubuntu.com/7744-1/", "reference_id": "USN-7744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7744-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2024-4467" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyg-9mf3-kfft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35385?format=api", "vulnerability_id": "VCID-6qnt-yaa3-p3bb", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08517", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08516", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08609", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08575", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08464", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08451", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08614", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08567", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0857", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35506" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996", "reference_id": "1909996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984454", "reference_id": "984454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984454" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2020-35506" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qnt-yaa3-p3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74461?format=api", "vulnerability_id": "VCID-91y7-ceje-jbd3", "summary": "QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7409.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7409.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82375", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.8236", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82371", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82257", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82276", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82271", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82298", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82324", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01706", "scoring_system": "epss", "scoring_elements": "0.82347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82598", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7409" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7409", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7409" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302487", "reference_id": "2302487", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302487" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8", "reference_id": "cpe:/a:redhat:openshift:4.13::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8", "reference_id": "cpe:/a:redhat:openshift:4.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8", "reference_id": "cpe:/a:redhat:openshift:4.15::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7409", "reference_id": "CVE-2024-7409", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10518", "reference_id": "RHSA-2024:10518", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10528", "reference_id": "RHSA-2024:10528", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6811", "reference_id": "RHSA-2024:6811", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6964", "reference_id": "RHSA-2024:6964", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7408", "reference_id": "RHSA-2024:7408", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9136", "reference_id": "RHSA-2024:9136", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:9136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9912", "reference_id": "RHSA-2024:9912", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:9912" }, { "reference_url": "https://usn.ubuntu.com/7744-1/", "reference_id": "USN-7744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7744-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2024-7409" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91y7-ceje-jbd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35411?format=api", "vulnerability_id": "VCID-cenj-mz55-jbg6", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3929.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3929.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89536", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.8954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89576", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89583", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.8959", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89591", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89587", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89602", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89606", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04882", "scoring_system": "epss", "scoring_elements": "0.89607", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3929" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020298", "reference_id": "2020298", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020298" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://usn.ubuntu.com/5489-1/", "reference_id": "USN-5489-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5489-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2021-3929" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cenj-mz55-jbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76982?format=api", "vulnerability_id": "VCID-cnyg-wvxr-gqg3", "summary": "QEMU: sdhci: heap buffer overflow in sdhci_write_dataport()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03205", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03041", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03161", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03163", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03156", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03085", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03098", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03099", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03104", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03129", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03091", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068821", "reference_id": "1068821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068821" }, { "reference_url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/", "reference_id": "20240404085549.16987-1-philmd@linaro.org", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:42Z/" } ], "url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123", "reference_id": "2274123", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-3447", "reference_id": "CVE-2024-3447", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:53:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-3447" }, { "reference_url": "https://usn.ubuntu.com/7744-1/", "reference_id": "USN-7744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7744-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2024-3447" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnyg-wvxr-gqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67397?format=api", "vulnerability_id": "VCID-d2ve-dnmj-4bbz", "summary": "qemu-kvm: VNC WebSocket handshake use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29323", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31834", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33215", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33032", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33015", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33225", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33263", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33222", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33238", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117153", "reference_id": "1117153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209", "reference_id": "2401209", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-11234", "reference_id": "CVE-2025-11234", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-11234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23228", "reference_id": "RHSA-2025:23228", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0326", "reference_id": "RHSA-2026:0326", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0332", "reference_id": "RHSA-2026:0332", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0702", "reference_id": "RHSA-2026:0702", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1831", "reference_id": "RHSA-2026:1831", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:1831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3077", "reference_id": "RHSA-2026:3077", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3165", "reference_id": "RHSA-2026:3165", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5578", "reference_id": "RHSA-2026:5578", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T15:56:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5578" }, { "reference_url": "https://usn.ubuntu.com/8073-1/", "reference_id": "USN-8073-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8073-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2025-11234" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ve-dnmj-4bbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62356?format=api", "vulnerability_id": "VCID-ej5p-r4az-6ud2", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05711", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05635", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05669", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05705", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05798", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05823", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05858", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05875", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05828", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148506", "reference_id": "2148506", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:17:04Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148506" }, { "reference_url": "https://security.gentoo.org/glsa/202408-18", "reference_id": "GLSA-202408-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-18" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/", "reference_id": "GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:17:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/", "reference_id": "I7J5IRXJYLELW7D43A75LOWRUE5EU54O", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:17:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/" }, { "reference_url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html", "reference_id": "msg04143.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:17:04Z/" } ], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230127-0012/", "reference_id": "ntap-20230127-0012", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:17:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230127-0012/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0099", "reference_id": "RHSA-2023:0099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0432", "reference_id": "RHSA-2023:0432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0432" }, { "reference_url": "https://usn.ubuntu.com/6167-1/", "reference_id": "USN-6167-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6167-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2022-4144" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej5p-r4az-6ud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76983?format=api", "vulnerability_id": "VCID-ewb7-nrtu-g7ex", "summary": "QEMU: virtio: DMA reentrancy issue leads to double free vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3446.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3446.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31784", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32155", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31993", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31866", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34044", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34145", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34178", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34038", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3408", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34067", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3446" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068820", "reference_id": "1068820", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068820" }, { "reference_url": "https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/", "reference_id": "20240409105537.18308-1-philmd@linaro.org", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T15:34:27Z/" } ], "url": "https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274211", "reference_id": "2274211", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T15:34:27Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274211" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-3446", "reference_id": "CVE-2024-3446", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T15:34:27Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-3446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6964", "reference_id": "RHSA-2024:6964", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T15:34:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9136", "reference_id": "RHSA-2024:9136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9136" }, { "reference_url": "https://usn.ubuntu.com/7744-1/", "reference_id": "USN-7744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7744-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2024-3446" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewb7-nrtu-g7ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78365?format=api", "vulnerability_id": "VCID-f4sq-73vu-sfdq", "summary": "QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0165", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01537", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01625", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01632", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01631", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01544", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01554", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01543", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01534", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0152", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01536", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3019" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041102", "reference_id": "1041102", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041102" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351", "reference_id": "2222351", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:26:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3019", "reference_id": "CVE-2023-3019", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:26:38Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0135", "reference_id": "RHSA-2024:0135", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:26:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0404", "reference_id": "RHSA-2024:0404", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:26:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0569", "reference_id": "RHSA-2024:0569", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:26:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2135", "reference_id": "RHSA-2024:2135", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:26:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2135" }, { "reference_url": "https://usn.ubuntu.com/7094-1/", "reference_id": "USN-7094-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7094-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2023-3019" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4sq-73vu-sfdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35383?format=api", "vulnerability_id": "VCID-gc6n-kgsc-f3b6", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30566", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30388", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30273", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30586", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30645", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30683", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30638", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30592", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30601", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31388", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35505" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769", "reference_id": "1909769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984455", "reference_id": "984455", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984455" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2020-35505" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gc6n-kgsc-f3b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77875?format=api", "vulnerability_id": "VCID-kx81-eex4-hug8", "summary": "QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06948", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06823", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06974", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06978", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06853", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06935", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06928", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06923", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06863", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06845", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580", "reference_id": "2254580", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:46:00Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6693", "reference_id": "CVE-2023-6693", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:46:00Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2962", "reference_id": "RHSA-2024:2962", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:46:00Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4492", "reference_id": "RHSA-2025:4492", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:46:00Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4492" }, { "reference_url": "https://usn.ubuntu.com/6954-1/", "reference_id": "USN-6954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2023-6693" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx81-eex4-hug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81154?format=api", "vulnerability_id": "VCID-mtj9-1cns-yybw", "summary": "QEMU: MMIO ops null pointer dereference may lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15469.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12214", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1233", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12377", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12178", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12308", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1228", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12243", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12132", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12134", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12244", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12189", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12078", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853154", "reference_id": "1853154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970253", "reference_id": "970253", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970253" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2020-15469" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtj9-1cns-yybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62360?format=api", "vulnerability_id": "VCID-p2dz-mtns-5bb4", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2861.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2861.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12615", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12505", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12447", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1235", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12353", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12857", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12877", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12841", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2861" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266", "reference_id": "2219266", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-24T16:40:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2861", "reference_id": "CVE-2023-2861", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-24T16:40:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2861" }, { "reference_url": "https://security.gentoo.org/glsa/202408-18", "reference_id": "GLSA-202408-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-18" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html", "reference_id": "msg00012.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-24T16:40:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240125-0005/", "reference_id": "ntap-20240125-0005", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-24T16:40:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240125-0005/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240229-0002/", "reference_id": "ntap-20240229-0002", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-24T16:40:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240229-0002/" }, { "reference_url": "https://usn.ubuntu.com/6567-1/", "reference_id": "USN-6567-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6567-1/" }, { "reference_url": "https://usn.ubuntu.com/8172-1/", "reference_id": "USN-8172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2023-2861" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2dz-mtns-5bb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74995?format=api", "vulnerability_id": "VCID-ptty-88p4-ybe9", "summary": "qemu-kvm: virtio-net: queue index out-of-bounds access in software RSS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24445", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.245", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24486", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24767", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24659", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24675", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2458", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6505" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075919", "reference_id": "1075919", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075919" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295760", "reference_id": "2295760", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:15:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295760" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-6505", "reference_id": "CVE-2024-6505", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:15:08Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-6505" }, { "reference_url": "https://usn.ubuntu.com/7744-1/", "reference_id": "USN-7744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7744-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2024-6505" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptty-88p4-ybe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62358?format=api", "vulnerability_id": "VCID-pxjg-chmx-nkdc", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35414.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53017", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53026", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53044", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53037", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53086", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53071", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53055", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53092", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53099", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53048", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53057", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35414" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014958", "reference_id": "1014958", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124911", "reference_id": "2124911", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124911" }, { "reference_url": "https://security.gentoo.org/glsa/202408-18", "reference_id": "GLSA-202408-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2022-35414" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxjg-chmx-nkdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35382?format=api", "vulnerability_id": "VCID-qh2s-apkz-sbaz", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26588", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26634", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3143", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31394", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31427", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31379", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31209", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31085", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31006", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31568", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31385", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909766", "reference_id": "1909766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979679", "reference_id": "979679", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979679" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2020-35504" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh2s-apkz-sbaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78075?format=api", "vulnerability_id": "VCID-qs61-1esc-c3cz", "summary": "QEMU: improper IDE controller reset can lead to MBR overwrite", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02176", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02137", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0209", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0219", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0216", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0215", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02143", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02119", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02115", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247283", "reference_id": "2247283", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T14:28:52Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247283" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5088", "reference_id": "CVE-2023-5088", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T14:28:52Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-5088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2135", "reference_id": "RHSA-2024:2135", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T14:28:52Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2962", "reference_id": "RHSA-2024:2962", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T14:28:52Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2962" }, { "reference_url": "https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/", "reference_id": "T", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-12T14:28:52Z/" } ], "url": "https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/" }, { "reference_url": "https://usn.ubuntu.com/6567-1/", "reference_id": "USN-6567-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6567-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2023-5088" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs61-1esc-c3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35406?format=api", "vulnerability_id": "VCID-t5gq-4bhn-gkej", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07094", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07214", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07293", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07223", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08185", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08348", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08322", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08283", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3611" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3611" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784", "reference_id": "1973784", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990562", "reference_id": "990562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990562" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7967", "reference_id": "RHSA-2022:7967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7967" }, { "reference_url": "https://usn.ubuntu.com/6567-1/", "reference_id": "USN-6567-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6567-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2021-3611" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5gq-4bhn-gkej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35410?format=api", "vulnerability_id": "VCID-w7gc-1eh2-3ufu", "summary": "Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08535", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08552", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08536", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08429", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08413", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08586", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0854", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08579", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08573", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08752", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.088", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08733", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08723", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999073", "reference_id": "1999073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999073" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7967", "reference_id": "RHSA-2022:7967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6980", "reference_id": "RHSA-2023:6980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0404", "reference_id": "RHSA-2024:0404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0569", "reference_id": "RHSA-2024:0569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0569" }, { "reference_url": "https://usn.ubuntu.com/5772-1/", "reference_id": "USN-5772-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5772-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994614?format=api", "purl": "pkg:deb/debian/qemu@1:7.2%2Bdfsg-7%2Bdeb12u18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46gg-8h8g-2kf5" }, { "vulnerability": "VCID-4mt9-kf9m-2fbz" }, { "vulnerability": "VCID-hkf8-96k7-kuc9" }, { "vulnerability": "VCID-m47q-17n6-t7gg" }, { "vulnerability": "VCID-n71j-fz74-kyhf" }, { "vulnerability": "VCID-t58m-9jqp-43c9" }, { "vulnerability": "VCID-uzxc-npak-yyc4" }, { "vulnerability": "VCID-vcun-y6d5-6uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" } ], "aliases": [ "CVE-2021-3750" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7gc-1eh2-3ufu" } ], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/qemu@1:7.2%252Bdfsg-7%252Bdeb12u18" }