Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/106237?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106237?format=api", "vulnerability_id": "VCID-g1wg-e5kd-ykda", "summary": "Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.", "aliases": [ { "alias": "CVE-2015-3340" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135988?format=api", "purl": "pkg:deb/debian/xen@4.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/194755?format=api", "purl": "pkg:ebuild/app-emulation/pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194756?format=api", "purl": "pkg:ebuild/app-emulation/pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/pvgrub@4.6.0-r9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194750?format=api", "purl": "pkg:ebuild/app-emulation/xen@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen@4.6.0-r9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194751?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194752?format=api", "purl": "pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194753?format=api", "purl": "pkg:ebuild/app-emulation/xen-tools@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-tools@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/194754?format=api", "purl": "pkg:ebuild/app-emulation/xen-tools@4.6.0-r9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-tools@4.6.0-r9" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3340.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70768", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214035", "reference_id": "1214035", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214035" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784011", "reference_id": "784011", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784011" }, { "reference_url": "https://security.gentoo.org/glsa/201604-03", "reference_id": "GLSA-201604-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201604-03" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-132.html", "reference_id": "XSA-132", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-132.html" } ], "weaknesses": [ { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1wg-e5kd-ykda" }