{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","type":"deb","namespace":"debian","name":"virtualbox","version":"7.2.6-dfsg-4","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184249?format=json","vulnerability_id":"VCID-1133-ysak-37aq","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2909","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2909"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:21Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:21Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2909"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1133-ysak-37aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148950?format=json","vulnerability_id":"VCID-15ja-azw6-xkc3","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4261","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28332","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28403","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28445","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28236","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28303","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.2835","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28306","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4261"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94612","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94612"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/68588","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68588"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4261","reference_id":"CVE-2014-4261","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4261"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-4261"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15ja-azw6-xkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43294?format=json","vulnerability_id":"VCID-1af4-tmj7-hycv","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35542","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13546","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13608","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13594","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13566","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13528","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35542"},{"reference_url":"https://security.archlinux.org/ASA-202110-3","reference_id":"ASA-202110-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-3"},{"reference_url":"https://security.archlinux.org/AVG-2476","reference_id":"AVG-2476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2476"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T19:15:04Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942229?format=json","purl":"pkg:deb/debian/virtualbox@6.1.28-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.28-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-35542"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1af4-tmj7-hycv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335943?format=json","vulnerability_id":"VCID-1cq9-n8ju-wqay","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62591","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04772","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04792","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04767","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04814","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62591"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T20:22:47Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62591"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cq9-n8ju-wqay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61471?format=json","vulnerability_id":"VCID-1epw-6qek-6qgn","summary":"Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which could lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22098","reference_id":"","reference_type":"","scores":[{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87904","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87857","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87869","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87873","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87901","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.87905","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202409-11","reference_id":"GLSA-202409-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942238?format=json","purl":"pkg:deb/debian/virtualbox@7.0.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22098"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1epw-6qek-6qgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37838?format=json","vulnerability_id":"VCID-1f3h-ez88-fudr","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2074","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37624","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37652","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37522","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37608","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2074"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T18:11:44Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2074"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1f3h-ez88-fudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184743?format=json","vulnerability_id":"VCID-1g1c-khsq-vqfr","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3292","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3292"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:57Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:57Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3292"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1g1c-khsq-vqfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33886?format=json","vulnerability_id":"VCID-1g8c-gp4x-47g4","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2689","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34335","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34548","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34591","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34582","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3468","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2689"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:47Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:47Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2689"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1g8c-gp4x-47g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287444?format=json","vulnerability_id":"VCID-1jw1-krq2-p3fa","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.46 and  Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22016","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13503","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13359","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1349","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13564","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15036","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22016"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2023.html","reference_id":"cpujul2023.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T17:57:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2023.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942237?format=json","purl":"pkg:deb/debian/virtualbox@7.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jw1-krq2-p3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43265?format=json","vulnerability_id":"VCID-1kd2-vwft-zyaq","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2475","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15809","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15877","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15939","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15915","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15868","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15992","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15791","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2475"},{"reference_url":"https://security.archlinux.org/ASA-202110-3","reference_id":"ASA-202110-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-3"},{"reference_url":"https://security.archlinux.org/AVG-2476","reference_id":"AVG-2476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2476"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T19:15:13Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942229?format=json","purl":"pkg:deb/debian/virtualbox@6.1.28-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.28-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2475"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kd2-vwft-zyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47437?format=json","vulnerability_id":"VCID-1kvg-9jhd-vuhq","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14712","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54269","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54289","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54341","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.5439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54372","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54319","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54294","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54345","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14712"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:10Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:10Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:10Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kvg-9jhd-vuhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33871?format=json","vulnerability_id":"VCID-1kz2-xtxt-ufha","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3002","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37836","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.3771","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37794","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3002"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:26Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3002","reference_id":"CVE-2019-3002","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3002"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:26Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:26Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3002"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kz2-xtxt-ufha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56414?format=json","vulnerability_id":"VCID-1mnd-zfa2-2qgn","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which might allow unauthorized changes to some critical or all\n    accessible data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3290","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22588","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22703","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22666","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22684","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22748","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22613","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3290"},{"reference_url":"http://www.securitytracker.com/id/1037638","reference_id":"1037638","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:46Z/"}],"url":"http://www.securitytracker.com/id/1037638"},{"reference_url":"http://www.securityfocus.com/bid/95601","reference_id":"95601","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:46Z/"}],"url":"http://www.securityfocus.com/bid/95601"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","reference_id":"cpujan2017-2881727.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:46Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"},{"reference_url":"https://security.gentoo.org/glsa/201702-08","reference_id":"GLSA-201702-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:46Z/"}],"url":"https://security.gentoo.org/glsa/201702-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942208?format=json","purl":"pkg:deb/debian/virtualbox@5.1.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3290"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mnd-zfa2-2qgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47422?format=json","vulnerability_id":"VCID-1ms1-6m6u-bkca","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14676","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14676"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:47Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:47Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:47Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-894/","reference_id":"ZDI-20-894","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:47Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-894/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14676"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ms1-6m6u-bkca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165435?format=json","vulnerability_id":"VCID-1tnp-5rpu-7bgy","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10240","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18695","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18601","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18554","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18749","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18466","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18546","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10240"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:05Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99683","reference_id":"99683","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:05Z/"}],"url":"http://www.securityfocus.com/bid/99683"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10240"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tnp-5rpu-7bgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39897?format=json","vulnerability_id":"VCID-22js-xq7x-syhx","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2676","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37506","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37589","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37533","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37423","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37489","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37553","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2676"},{"reference_url":"http://www.securityfocus.com/bid/102699","reference_id":"102699","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:19:54Z/"}],"url":"http://www.securityfocus.com/bid/102699"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:19:54Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2676"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22js-xq7x-syhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165433?format=json","vulnerability_id":"VCID-26qh-gga7-7kgd","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10238","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10238"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:11Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99668","reference_id":"99668","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:11Z/"}],"url":"http://www.securityfocus.com/bid/99668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10238"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26qh-gga7-7kgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47457?format=json","vulnerability_id":"VCID-26vv-az1y-6ygq","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:19Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2914","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4309","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43177","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2914"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:19Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2914","reference_id":"CVE-2020-2914","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2914"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:19Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2914"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26vv-az1y-6ygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161148?format=json","vulnerability_id":"VCID-29mb-1bzt-aqb8","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3597","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22353","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22505","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22376","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22452","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22294","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2246","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3597"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:53Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:53Z/"}],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securityfocus.com/bid/91864","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:53Z/"}],"url":"http://www.securityfocus.com/bid/91864"},{"reference_url":"http://www.securitytracker.com/id/1036384","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:53Z/"}],"url":"http://www.securitytracker.com/id/1036384"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3597","reference_id":"CVE-2016-3597","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3597"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942205?format=json","purl":"pkg:deb/debian/virtualbox@5.1.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-3597"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29mb-1bzt-aqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184751?format=json","vulnerability_id":"VCID-29n7-4eyc-y3bk","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3297","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3297"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:51Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:51Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29n7-4eyc-y3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37886?format=json","vulnerability_id":"VCID-2a63-hzam-z7h7","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2125","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30983","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31066","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31072","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31028","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3099","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3098","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2125"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:17Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2125"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a63-hzam-z7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59753?format=json","vulnerability_id":"VCID-2atk-1h4j-jqbb","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6595","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23302","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23513","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23402","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23348","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6595"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942196?format=json","purl":"pkg:deb/debian/virtualbox@4.3.18-dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.18-dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-6595"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2atk-1h4j-jqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158782?format=json","vulnerability_id":"VCID-2dnw-zdwz-duc3","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0602","reference_id":"","reference_type":"","scores":[{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77512","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77453","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.7746","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77485","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77466","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77505","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01047","scoring_system":"epss","scoring_elements":"0.77515","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0602"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Feb/54","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2016/Feb/54"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.securityfocus.com/archive/1/537462/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/537462/100/0/threaded"},{"reference_url":"http://www.securitytracker.com/id/1034731","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034731"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0602","reference_id":"CVE-2016-0602","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0602"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-0602"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dnw-zdwz-duc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47452?format=json","vulnerability_id":"VCID-2dpy-reut-bqft","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2908","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37204","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37225","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.373","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37267","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37239","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2908"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-501/","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-501/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2908","reference_id":"CVE-2020-2908","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2908"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2908"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpy-reut-bqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226715?format=json","vulnerability_id":"VCID-2dqk-t9gt-kqhu","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21112","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34309","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34338","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34202","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34245","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21112"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:11Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21112"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dqk-t9gt-kqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344228?format=json","vulnerability_id":"VCID-2f6u-9ns4-s3bx","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21985","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05954","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05964","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05925","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05914","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05952","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05992","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05973","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21985"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T18:56:39Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2f6u-9ns4-s3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61115?format=json","vulnerability_id":"VCID-2fas-kjyg-kbc8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4813","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17563","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17609","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17544","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17557","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17456","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942200?format=json","purl":"pkg:deb/debian/virtualbox@5.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-4813"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fas-kjyg-kbc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47395?format=json","vulnerability_id":"VCID-2fc8-9cbt-uyd1","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2863","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28453","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28446","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28496","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2863"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:02Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:02Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2863"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fc8-9cbt-uyd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4038?format=json","vulnerability_id":"VCID-2h35-vvte-g7cs","summary":"x86: CPU lockup during exception delivery","references":[{"reference_url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2636.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2636.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2645.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2645.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0046.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0046.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8104.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8104.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8104","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55511","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55647","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55677","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5568","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55689","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55669","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55651","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"},{"reference_url":"https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d"},{"reference_url":"https://kb.juniper.net/JSA10783","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"https://kb.juniper.net/JSA10783"},{"reference_url":"http://support.citrix.com/article/CTX202583","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://support.citrix.com/article/CTX202583"},{"reference_url":"http://support.citrix.com/article/CTX203879","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://support.citrix.com/article/CTX203879"},{"reference_url":"http://www.debian.org/security/2015/dsa-3414","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.debian.org/security/2015/dsa-3414"},{"reference_url":"http://www.debian.org/security/2015/dsa-3426","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.debian.org/security/2015/dsa-3426"},{"reference_url":"http://www.debian.org/security/2016/dsa-3454","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.debian.org/security/2016/dsa-3454"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/10/5","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/11/10/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/10/4","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/10/4"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/77524","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.securityfocus.com/bid/77524"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1034105","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.securitytracker.com/id/1034105"},{"reference_url":"http://www.ubuntu.com/usn/USN-2840-1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2840-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2841-1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2841-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2841-2","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2841-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2842-1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2842-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2842-2","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2842-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2843-1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2843-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2843-2","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2843-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2844-1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2844-1"},{"reference_url":"http://xenbits.xen.org/xsa/advisory-156.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://xenbits.xen.org/xsa/advisory-156.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278496","reference_id":"1278496","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278496"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8104","reference_id":"CVE-2015-8104","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:C"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2552","reference_id":"RHSA-2015:2552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2636","reference_id":"RHSA-2015:2636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2645","reference_id":"RHSA-2015:2645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0004","reference_id":"RHSA-2016:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0024","reference_id":"RHSA-2016:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0046","reference_id":"RHSA-2016:0046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0103","reference_id":"RHSA-2016:0103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0103"},{"reference_url":"https://usn.ubuntu.com/2840-1/","reference_id":"USN-2840-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2840-1/"},{"reference_url":"https://usn.ubuntu.com/2841-1/","reference_id":"USN-2841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2841-1/"},{"reference_url":"https://usn.ubuntu.com/2841-2/","reference_id":"USN-2841-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2841-2/"},{"reference_url":"https://usn.ubuntu.com/2842-1/","reference_id":"USN-2842-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2842-1/"},{"reference_url":"https://usn.ubuntu.com/2842-2/","reference_id":"USN-2842-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2842-2/"},{"reference_url":"https://usn.ubuntu.com/2843-1/","reference_id":"USN-2843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2843-1/"},{"reference_url":"https://usn.ubuntu.com/2843-2/","reference_id":"USN-2843-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2843-2/"},{"reference_url":"https://usn.ubuntu.com/2844-1/","reference_id":"USN-2844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2844-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-156.html","reference_id":"XSA-156","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-156.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942202?format=json","purl":"pkg:deb/debian/virtualbox@5.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-8104"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2h35-vvte-g7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59951?format=json","vulnerability_id":"VCID-2h63-wwcq-b3br","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2594","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3294","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32931","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32977","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3301","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32948","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792446","reference_id":"792446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942198?format=json","purl":"pkg:deb/debian/virtualbox@4.3.30-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.30-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-2594"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2h63-wwcq-b3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37898?format=json","vulnerability_id":"VCID-2hdx-s4fs-wua5","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2128","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37889","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37904","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37868","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.3774","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37923","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37826","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2128"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:12Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2128"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hdx-s4fs-wua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/225943?format=json","vulnerability_id":"VCID-2qtf-4bmt-5uev","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21114","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34309","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34338","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34202","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34245","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21114"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21114"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qtf-4bmt-5uev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248617?format=json","vulnerability_id":"VCID-2r65-7mst-7ff7","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2321","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36599","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36659","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36539","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3658","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36651","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2321"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2321"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r65-7mst-7ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203341?format=json","vulnerability_id":"VCID-2rmb-xydd-ckbs","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2527","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42395","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42418","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42405","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42424","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42411","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2527"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2527","reference_id":"CVE-2019-2527","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2527"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmb-xydd-ckbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267043?format=json","vulnerability_id":"VCID-2srn-84s5-jka6","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21491","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32618","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32685","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32753","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32789","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32658","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21491"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942231?format=json","purl":"pkg:deb/debian/virtualbox@6.1.34-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.34-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2srn-84s5-jka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/225921?format=json","vulnerability_id":"VCID-2uba-3jre-9kaw","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21115","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49668","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49649","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49676","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49683","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49678","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21115"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21115"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uba-3jre-9kaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59750?format=json","vulnerability_id":"VCID-2vj4-6kgd-kfap","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6588","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23302","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23513","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23402","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23348","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6588"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942196?format=json","purl":"pkg:deb/debian/virtualbox@4.3.18-dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.18-dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-6588"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vj4-6kgd-kfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59335?format=json","vulnerability_id":"VCID-2xmv-8fj4-bke9","summary":"Multiple vulnerabilities have been found in VirtualBox, allowing\n    local attackers to escalate their privileges or cause a Denial of Service\n    condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3221","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60293","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60368","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60395","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60412","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60428","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60435","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3221"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79380","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79380"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16681","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16681"},{"reference_url":"http://www.debian.org/security/2012/dsa-2594","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2594"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"},{"reference_url":"http://www.securityfocus.com/bid/56045","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56045"},{"reference_url":"http://www.securitytracker.com/id?1027666","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1027666"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690777","reference_id":"690777","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690777"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtualization:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3221","reference_id":"CVE-2012-3221","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3221"},{"reference_url":"https://security.gentoo.org/glsa/201401-13","reference_id":"GLSA-201401-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-13"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86-64/dos/21224.c","reference_id":"OSVDB-86384;CVE-2012-3221;OSVDB-85356","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86-64/dos/21224.c"},{"reference_url":"https://www.securityfocus.com/bid/55471/info","reference_id":"OSVDB-86384;CVE-2012-3221;OSVDB-85356","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/55471/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942189?format=json","purl":"pkg:deb/debian/virtualbox@4.1.18-dfsg-1.1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.1.18-dfsg-1.1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2012-3221"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xmv-8fj4-bke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47416?format=json","vulnerability_id":"VCID-3acw-eupj-2fad","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14649","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14649"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:53Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:53Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:53Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-891/","reference_id":"ZDI-20-891","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:53Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-891/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14649"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3acw-eupj-2fad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47449?format=json","vulnerability_id":"VCID-3cvd-fd19-vfdn","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2902","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35881","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35741","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35792","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35814","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35822","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35782","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35683","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2902"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-497/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:38Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-497/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2902","reference_id":"CVE-2020-2902","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2902"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:38Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2902"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cvd-fd19-vfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37812?format=json","vulnerability_id":"VCID-3fme-q3w9-j7hc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14885","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.343","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34193","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34266","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34225","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34201","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34329","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14885"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:43:00Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1281/","reference_id":"ZDI-20-1281","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:43:00Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1281/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fme-q3w9-j7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162126?format=json","vulnerability_id":"VCID-3gaa-z5jw-g3e2","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5538","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33777","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33549","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33884","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33915","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33769","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33812","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33845","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5538"},{"reference_url":"http://www.securityfocus.com/bid/93697","reference_id":"93697","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T17:47:00Z/"}],"url":"http://www.securityfocus.com/bid/93697"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942207?format=json","purl":"pkg:deb/debian/virtualbox@5.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5538"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gaa-z5jw-g3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335463?format=json","vulnerability_id":"VCID-3mbm-tn7y-abg5","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61759","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05338","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05308","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05334","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05391","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0536","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61759"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T17:29:54Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-61759"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mbm-tn7y-abg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56579?format=json","vulnerability_id":"VCID-3mx7-d15v-rkfw","summary":"Multiple vulnerabilities were found in VirtualBox, allowing local\n    attackers to gain escalated privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2305","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40724","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40809","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40836","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40811","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40783","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2305"},{"reference_url":"https://security.gentoo.org/glsa/201204-01","reference_id":"GLSA-201204-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942187?format=json","purl":"pkg:deb/debian/virtualbox@4.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2011-2305"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mx7-d15v-rkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344227?format=json","vulnerability_id":"VCID-3nw6-9452-6bgk","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21984","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08177","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21984"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:22Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nw6-9452-6bgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47414?format=json","vulnerability_id":"VCID-3nyp-v4dh-k7ft","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14647","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14647"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:54Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-890/","reference_id":"ZDI-20-890","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:54Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-890/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nyp-v4dh-k7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184488?format=json","vulnerability_id":"VCID-3pt6-aef6-g3bg","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3085","reference_id":"","reference_type":"","scores":[{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68454","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68467","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68535","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68561","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68548","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68492","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3085"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:08:58Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:08:58Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:08:58Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3085","reference_id":"CVE-2018-3085","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3085"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3085"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pt6-aef6-g3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226674?format=json","vulnerability_id":"VCID-3q4q-e9xc-pqgp","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21113","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32242","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32214","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32241","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21113"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:12Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21113"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q4q-e9xc-pqgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43137?format=json","vulnerability_id":"VCID-3rtp-jbxr-1qey","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2286","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38119","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38153","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38179","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38143","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3803","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38103","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2286"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:53Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2286"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rtp-jbxr-1qey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184498?format=json","vulnerability_id":"VCID-3vrc-m3ra-wker","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3091","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47793","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47801","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47854","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4785","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47874","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4786","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47831","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47853","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3091"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:08:57Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:08:57Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:08:57Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3091","reference_id":"CVE-2018-3091","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3091"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3vrc-m3ra-wker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203309?format=json","vulnerability_id":"VCID-3wdm-kske-ufg6","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:10Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2504","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26587","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26548","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26595","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26641","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2647","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26538","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2504"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:10Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2504","reference_id":"CVE-2019-2504","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2504"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2504"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3wdm-kske-ufg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47411?format=json","vulnerability_id":"VCID-3y4z-5rfm-83g8","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14628","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39569","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39508","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39563","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39589","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39551","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39406","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39592","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14628"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:57Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:57Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:57Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-886/","reference_id":"ZDI-20-886","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:57Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-886/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14628"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3y4z-5rfm-83g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344225?format=json","vulnerability_id":"VCID-3y8r-53vp-cbbx","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21982","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20906","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2096","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21079","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21132","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20846","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20926","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21004","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21982"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:25Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3y8r-53vp-cbbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203538?format=json","vulnerability_id":"VCID-42aj-vkah-muff","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2703","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55233","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55356","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55338","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55388","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55398","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55376","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2703"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2703"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42aj-vkah-muff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59082?format=json","vulnerability_id":"VCID-45uz-b4kt-ykdg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0418","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22319","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22484","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22317","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22399","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22454","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22378","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942197?format=json","purl":"pkg:deb/debian/virtualbox@4.3.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-0418"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45uz-b4kt-ykdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147941?format=json","vulnerability_id":"VCID-47ac-172h-puf9","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2489","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2632","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26401","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26241","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26296","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2625","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2489"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939","reference_id":"754939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2489","reference_id":"CVE-2014-2489","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942194?format=json","purl":"pkg:deb/debian/virtualbox@4.3.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-2489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ac-172h-puf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203524?format=json","vulnerability_id":"VCID-4nyc-f22h-4fbh","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2680","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34061","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2680"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2680"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nyc-f22h-4fbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47415?format=json","vulnerability_id":"VCID-4nyx-grab-93ha","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14648","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14648"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:33Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-889/","reference_id":"ZDI-20-889","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:33Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-889/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14648"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nyx-grab-93ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43090?format=json","vulnerability_id":"VCID-4sk2-6fz1-6qd1","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2264","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29919","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29966","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29778","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29884","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29838","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29788","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2264"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/26/1","reference_id":"1","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:48:20Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/04/26/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/26/2","reference_id":"2","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:48:20Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/04/26/2"},{"reference_url":"https://security.archlinux.org/AVG-1870","reference_id":"AVG-1870","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1870"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:48:20Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2264"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sk2-6fz1-6qd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37853?format=json","vulnerability_id":"VCID-4txk-ybs5-ukea","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2112","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37106","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37007","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37183","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37212","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37043","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2112"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:38Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2112"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4txk-ybs5-ukea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47439?format=json","vulnerability_id":"VCID-4vcx-trqp-97af","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14714","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26207","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26287","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26178","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26119","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26167","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14714"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:09Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vcx-trqp-97af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47433?format=json","vulnerability_id":"VCID-4xnp-72y4-2uh4","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14703","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37363","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37271","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3746","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14703"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:22Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:22Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:22Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-905/","reference_id":"ZDI-20-905","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:22Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-905/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14703"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xnp-72y4-2uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171540?format=json","vulnerability_id":"VCID-59ka-knuq-pfdb","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20469","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20372","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20576","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20304","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3513"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:45:12Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97736","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:45:12Z/"}],"url":"http://www.securityfocus.com/bid/97736"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:45:12Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3513","reference_id":"CVE-2017-3513","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3513"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3513"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59ka-knuq-pfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203333?format=json","vulnerability_id":"VCID-5ae9-et5p-9yat","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:17Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2522","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2522"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:17Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:17Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2522","reference_id":"CVE-2019-2522","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2522"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2522"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ae9-et5p-9yat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40278?format=json","vulnerability_id":"VCID-5af2-fa5b-puat","summary":"Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21886","reference_id":"","reference_type":"","scores":[{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75922","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00915","scoring_system":"epss","scoring_elements":"0.75885","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21886"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153","reference_id":"1029153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153"},{"reference_url":"https://security.gentoo.org/glsa/202310-07","reference_id":"GLSA-202310-07","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:39:34Z/"}],"url":"https://security.gentoo.org/glsa/202310-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942235?format=json","purl":"pkg:deb/debian/virtualbox@7.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21886"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5af2-fa5b-puat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184749?format=json","vulnerability_id":"VCID-5b3f-5cbq-jycs","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3296","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3296"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:52Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:52Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3296"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5b3f-5cbq-jycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226818?format=json","vulnerability_id":"VCID-5b91-2rka-2bd2","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21121","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36455","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36447","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21121"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-26T03:55:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5b91-2rka-2bd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43358?format=json","vulnerability_id":"VCID-5d4j-pgur-qqcp","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21471","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35264","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35341","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35251","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35297","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3532","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35287","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35368","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:07:49Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942231?format=json","purl":"pkg:deb/debian/virtualbox@6.1.34-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.34-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21471"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d4j-pgur-qqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203311?format=json","vulnerability_id":"VCID-5dnb-z566-67by","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2505","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27083","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2505"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:09Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:09Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2505","reference_id":"CVE-2019-2505","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2505"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2505"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dnb-z566-67by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171595?format=json","vulnerability_id":"VCID-5g31-n2ar-zuea","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3576","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4469","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44783","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44785","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4477","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3576"},{"reference_url":"https://www.exploit-db.com/exploits/41907/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:10Z/"}],"url":"https://www.exploit-db.com/exploits/41907/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97759","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:10Z/"}],"url":"http://www.securityfocus.com/bid/97759"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:10Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1141","reference_id":"CVE-2017-3576","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1141"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41907.c","reference_id":"CVE-2017-3576","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41907.c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3576","reference_id":"CVE-2017-3576","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5g31-n2ar-zuea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203365?format=json","vulnerability_id":"VCID-5q9d-47a4-9uah","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:28Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2553","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27083","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2553"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:28Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:28Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2553","reference_id":"CVE-2019-2553","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2553"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q9d-47a4-9uah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47436?format=json","vulnerability_id":"VCID-5qtn-9jhp-mubb","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14711","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59062","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.591","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59104","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.58987","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59085","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14711"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:21Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14711"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qtn-9jhp-mubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203528?format=json","vulnerability_id":"VCID-5x3d-8v24-73hg","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2690","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34061","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2690"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5x3d-8v24-73hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165437?format=json","vulnerability_id":"VCID-5xff-vqcp-rqay","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10242","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10242"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:48:59Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99689","reference_id":"99689","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:48:59Z/"}],"url":"http://www.securityfocus.com/bid/99689"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10242"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xff-vqcp-rqay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203336?format=json","vulnerability_id":"VCID-5xv9-gayz-jbdb","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2524","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2524"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:14Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:14Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2524","reference_id":"CVE-2019-2524","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2524"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2524"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xv9-gayz-jbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203244?format=json","vulnerability_id":"VCID-625m-j3ya-dua2","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2450","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2450"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2450","reference_id":"CVE-2019-2450","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2450"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2450"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-625m-j3ya-dua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330589?format=json","vulnerability_id":"VCID-644f-8x1b-8ye4","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53029","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06482","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0651","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.065","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0655","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06592","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06786","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06779","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06793","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53029"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T19:47:54Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53029"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-644f-8x1b-8ye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39906?format=json","vulnerability_id":"VCID-6bav-pth5-g3fp","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2685","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2685"},{"reference_url":"http://www.securityfocus.com/bid/102689","reference_id":"102689","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:52Z/"}],"url":"http://www.securityfocus.com/bid/102689"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:52Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2685"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bav-pth5-g3fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335464?format=json","vulnerability_id":"VCID-6dww-g6vm-uqar","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61760","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06008","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05931","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05947","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05986","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06016","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61760"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-23T03:55:25Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-61760"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dww-g6vm-uqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37913?format=json","vulnerability_id":"VCID-6e2r-qhmm-t7ca","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2131","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53691","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53763","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53761","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53809","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53792","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53777","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53711","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53738","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2131"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:10Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2131"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e2r-qhmm-t7ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47442?format=json","vulnerability_id":"VCID-6fnv-g6gm-jkfc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2701","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2701"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:57Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-550/","reference_id":"ZDI-20-550","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:57Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-550/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2701"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fnv-g6gm-jkfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203555?format=json","vulnerability_id":"VCID-6g9h-qjtq-83bv","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2723","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35496","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35561","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35517","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35374","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35482","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35553","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2723"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-423/","reference_id":"ZDI-19-423","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:39Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-423/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-424/","reference_id":"ZDI-19-424","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:39Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-424/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2723"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g9h-qjtq-83bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56416?format=json","vulnerability_id":"VCID-6gzd-ma2m-wued","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which might allow unauthorized changes to some critical or all\n    accessible data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3332","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29877","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.30008","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29968","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29973","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29967","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.30056","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2987","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29931","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3332"},{"reference_url":"http://www.securitytracker.com/id/1037638","reference_id":"1037638","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:17Z/"}],"url":"http://www.securitytracker.com/id/1037638"},{"reference_url":"http://www.securityfocus.com/bid/95599","reference_id":"95599","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:17Z/"}],"url":"http://www.securityfocus.com/bid/95599"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","reference_id":"cpujan2017-2881727.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:17Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"},{"reference_url":"https://security.gentoo.org/glsa/201702-08","reference_id":"GLSA-201702-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:09:17Z/"}],"url":"https://security.gentoo.org/glsa/201702-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942208?format=json","purl":"pkg:deb/debian/virtualbox@5.1.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3332"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gzd-ma2m-wued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39972?format=json","vulnerability_id":"VCID-6hse-9ytw-77a8","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2698","reference_id":"","reference_type":"","scores":[{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73218","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73167","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73198","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73212","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73157","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73188","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73162","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2698"},{"reference_url":"http://www.securityfocus.com/bid/102688","reference_id":"102688","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:31Z/"}],"url":"http://www.securityfocus.com/bid/102688"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:31Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://www.exploit-db.com/exploits/43878/","reference_id":"43878","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:31Z/"}],"url":"https://www.exploit-db.com/exploits/43878/"},{"reference_url":"https://blogs.securiteam.com/index.php/archives/3649","reference_id":"CVE-2018-2698","reference_type":"exploit","scores":[],"url":"https://blogs.securiteam.com/index.php/archives/3649"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43878.md","reference_id":"CVE-2018-2698","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43878.md"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2698"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hse-9ytw-77a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171579?format=json","vulnerability_id":"VCID-6j81-1pbz-ufcj","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3559","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18033","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18056","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1827","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17971","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3559"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:44Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97739","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:44Z/"}],"url":"http://www.securityfocus.com/bid/97739"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:44Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3559","reference_id":"CVE-2017-3559","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6j81-1pbz-ufcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47398?format=json","vulnerability_id":"VCID-6juz-7nx9-8qe7","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2866","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36939","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36871","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37074","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36974","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2866"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:35Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:35Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2866"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6juz-7nx9-8qe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203331?format=json","vulnerability_id":"VCID-6v66-95ez-u7ev","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2521","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2521"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:18Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:18Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2521","reference_id":"CVE-2019-2521","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v66-95ez-u7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287423?format=json","vulnerability_id":"VCID-6w31-wsm4-mufh","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21989","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22197","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22251","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22297","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22081","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22217","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22238","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21989"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w31-wsm4-mufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165577?format=json","vulnerability_id":"VCID-77b5-6nkn-37e8","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10428","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16562","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16684","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16621","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16512","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16694","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16547","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10428"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:41:44Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/101362","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:41:44Z/"}],"url":"http://www.securityfocus.com/bid/101362"},{"reference_url":"http://www.securitytracker.com/id/1039599","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:41:44Z/"}],"url":"http://www.securitytracker.com/id/1039599"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10428","reference_id":"CVE-2017-10428","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"},{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942210?format=json","purl":"pkg:deb/debian/virtualbox@5.1.30-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.30-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10428"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77b5-6nkn-37e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37863?format=json","vulnerability_id":"VCID-7agu-g9dg-b3d6","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2120","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36588","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3662","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36612","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36527","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3673","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36568","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2120"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:27Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2120"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7agu-g9dg-b3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43110?format=json","vulnerability_id":"VCID-7b9u-tggy-gqej","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2279","reference_id":"","reference_type":"","scores":[{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.9183","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.91838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.91845","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.91853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.91866","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.91871","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07624","scoring_system":"epss","scoring_elements":"0.91875","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2279"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:47:59Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-453/","reference_id":"ZDI-21-453","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:47:59Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-453/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2279"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7b9u-tggy-gqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330590?format=json","vulnerability_id":"VCID-7bvm-wdur-s7at","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53030","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08423","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08396","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08468","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08487","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0868","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53030"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-17T03:55:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53030"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bvm-wdur-s7at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33893?format=json","vulnerability_id":"VCID-7bze-1pt2-23bp","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2702","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2702"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:56Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:56Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2702"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bze-1pt2-23bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184490?format=json","vulnerability_id":"VCID-7c35-93nr-93cv","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3086","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3086"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:27Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:27Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:27Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3086","reference_id":"CVE-2018-3086","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3086"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3086"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c35-93nr-93cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43134?format=json","vulnerability_id":"VCID-7d2s-r3zf-u7ag","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2283","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39875","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3997","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.4001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40049","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2283"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:42:40Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7d2s-r3zf-u7ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47435?format=json","vulnerability_id":"VCID-7gts-v1hm-sbgs","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14707","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44743","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44755","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44774","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44702","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14707"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:16Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:16Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:16Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14707"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gts-v1hm-sbgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203307?format=json","vulnerability_id":"VCID-7kps-avn8-ubaj","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2500","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2500"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:21Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:21Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2500","reference_id":"CVE-2019-2500","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2500"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2500"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kps-avn8-ubaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161153?format=json","vulnerability_id":"VCID-7u7v-d9gp-rugm","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3612","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56648","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56511","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56608","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3612"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:50Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:50Z/"}],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securityfocus.com/bid/91860","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:50Z/"}],"url":"http://www.securityfocus.com/bid/91860"},{"reference_url":"http://www.securitytracker.com/id/1036384","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:47:50Z/"}],"url":"http://www.securitytracker.com/id/1036384"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3612","reference_id":"CVE-2016-3612","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942206?format=json","purl":"pkg:deb/debian/virtualbox@5.0.22-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.22-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-3612"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u7v-d9gp-rugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165431?format=json","vulnerability_id":"VCID-7wuj-m4tx-hket","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10236","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18695","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18601","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18554","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18749","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18466","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18546","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10236"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:14Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99645","reference_id":"99645","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:14Z/"}],"url":"http://www.securityfocus.com/bid/99645"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10236"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wuj-m4tx-hket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184741?format=json","vulnerability_id":"VCID-85jv-3ssg-dkc1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3291","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3291"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:59Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:59Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3291"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85jv-3ssg-dkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47459?format=json","vulnerability_id":"VCID-8bqe-gk57-qqaa","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:15Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2951","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35721","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35744","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35573","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35769","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2951"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:15Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2951","reference_id":"CVE-2020-2951","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2951"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:15Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2951"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqe-gk57-qqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165434?format=json","vulnerability_id":"VCID-8enk-che5-e7f3","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10239","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10239"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:06Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99681","reference_id":"99681","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:06Z/"}],"url":"http://www.securityfocus.com/bid/99681"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10239"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8enk-che5-e7f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344209?format=json","vulnerability_id":"VCID-8fwv-bnnu-7bf7","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21963","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05445","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05451","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05508","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05482","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21963"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:48:27Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21963"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwv-bnnu-7bf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287421?format=json","vulnerability_id":"VCID-8n1x-aejs-z7f2","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21987","reference_id":"","reference_type":"","scores":[{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92379","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92377","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92352","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08511","scoring_system":"epss","scoring_elements":"0.92371","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21987"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21987"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8n1x-aejs-z7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33869?format=json","vulnerability_id":"VCID-8n55-mekz-tfcq","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2944","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33987","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34024","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34055","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34054","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33753","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3409","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34122","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33982","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2944"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:14:49Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2944","reference_id":"CVE-2019-2944","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2944"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:14:49Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:14:49Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2944"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8n55-mekz-tfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39921?format=json","vulnerability_id":"VCID-8ndb-ms9z-ffe3","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2687","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2687"},{"reference_url":"http://www.securityfocus.com/bid/102691","reference_id":"102691","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:07Z/"}],"url":"http://www.securityfocus.com/bid/102691"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:07Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2687"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ndb-ms9z-ffe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61473?format=json","vulnerability_id":"VCID-8p2y-n23g-77bn","summary":"Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which could lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22100","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38004","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.3803","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37909","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37959","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37971","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22100"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202409-11","reference_id":"GLSA-202409-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942238?format=json","purl":"pkg:deb/debian/virtualbox@7.0.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8p2y-n23g-77bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4017?format=json","vulnerability_id":"VCID-8q9q-fs5n-gyfj","summary":"Privilege escalation via emulated floppy disk drive","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3456","reference_id":"","reference_type":"","scores":[{"value":"0.32263","scoring_system":"epss","scoring_elements":"0.96809","published_at":"2026-04-01T12:55:00Z"},{"value":"0.32263","scoring_system":"epss","scoring_elements":"0.96816","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36084","scoring_system":"epss","scoring_elements":"0.97079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36084","scoring_system":"epss","scoring_elements":"0.97088","published_at":"2026-04-08T12:55:00Z"},{"value":"0.36084","scoring_system":"epss","scoring_elements":"0.97089","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36084","scoring_system":"epss","scoring_elements":"0.97092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36084","scoring_system":"epss","scoring_elements":"0.97093","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36084","scoring_system":"epss","scoring_elements":"0.97094","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218611","reference_id":"1218611","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218611"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424","reference_id":"785424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c","reference_id":"CVE-2015-3456;OSVDB-122072","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c"},{"reference_url":"https://marc.info/?l=oss-security&m=143155206320935&w=2","reference_id":"CVE-2015-3456;OSVDB-122072","reference_type":"exploit","scores":[],"url":"https://marc.info/?l=oss-security&m=143155206320935&w=2"},{"reference_url":"https://security.gentoo.org/glsa/201602-01","reference_id":"GLSA-201602-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201602-01"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0998","reference_id":"RHSA-2015:0998","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0999","reference_id":"RHSA-2015:0999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1000","reference_id":"RHSA-2015:1000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1001","reference_id":"RHSA-2015:1001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1002","reference_id":"RHSA-2015:1002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1003","reference_id":"RHSA-2015:1003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1004","reference_id":"RHSA-2015:1004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1011","reference_id":"RHSA-2015:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1031","reference_id":"RHSA-2015:1031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1031"},{"reference_url":"https://usn.ubuntu.com/2608-1/","reference_id":"USN-2608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2608-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-133.html","reference_id":"XSA-133","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-133.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942199?format=json","purl":"pkg:deb/debian/virtualbox@4.3.28-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.28-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-3456"],"risk_score":0.6,"exploitability":"2.0","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8q9q-fs5n-gyfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184748?format=json","vulnerability_id":"VCID-8vpe-4asg-bqaa","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3295","reference_id":"","reference_type":"","scores":[{"value":"0.11289","scoring_system":"epss","scoring_elements":"0.935","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11289","scoring_system":"epss","scoring_elements":"0.93524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11289","scoring_system":"epss","scoring_elements":"0.93516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11289","scoring_system":"epss","scoring_elements":"0.93519","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11289","scoring_system":"epss","scoring_elements":"0.93491","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11289","scoring_system":"epss","scoring_elements":"0.93508","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3295"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:53Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:53Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3295"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vpe-4asg-bqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33879?format=json","vulnerability_id":"VCID-8yh6-4cvt-uufn","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3031","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32034","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32023","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32107","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32161","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.322","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3031"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-918/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:07Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-918/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:07Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3031","reference_id":"CVE-2019-3031","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3031"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:07Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:07Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yh6-4cvt-uufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33895?format=json","vulnerability_id":"VCID-92va-dj65-8qea","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2703","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35573","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35769","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35721","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35744","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35795","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2703"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:33Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:33Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2703"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92va-dj65-8qea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55714?format=json","vulnerability_id":"VCID-9363-pb9n-z3cj","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0406","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18474","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18674","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1847","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18424","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410","reference_id":"735410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410"},{"reference_url":"https://security.gentoo.org/glsa/201401-13","reference_id":"GLSA-201401-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942192?format=json","purl":"pkg:deb/debian/virtualbox@4.3.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-0406"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9363-pb9n-z3cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226484?format=json","vulnerability_id":"VCID-94ka-m2fz-hqak","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21109","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60203","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.6022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60155","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60179","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60149","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60199","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60212","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21109"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T20:04:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21109"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94ka-m2fz-hqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43088?format=json","vulnerability_id":"VCID-94zg-371b-qkdp","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2145","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53227","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53277","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53244","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53297","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53291","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53342","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53326","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53309","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53251","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2145"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T18:11:37Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-455/","reference_id":"ZDI-21-455","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T18:11:37Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-455/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2145"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94zg-371b-qkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47432?format=json","vulnerability_id":"VCID-96ab-3phb-mqe1","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14700","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14700"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:26Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-903/","reference_id":"ZDI-20-903","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:26Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-903/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14700"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96ab-3phb-mqe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162178?format=json","vulnerability_id":"VCID-97tr-vj5r-wubn","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5605","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44261","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44276","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44293","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44196","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44271","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5605"},{"reference_url":"http://www.securityfocus.com/bid/93685","reference_id":"93685","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T17:44:08Z/"}],"url":"http://www.securityfocus.com/bid/93685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942205?format=json","purl":"pkg:deb/debian/virtualbox@5.1.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97tr-vj5r-wubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203335?format=json","vulnerability_id":"VCID-98ty-spyd-tka6","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:15Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2523","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2523"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:15Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:15Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2523","reference_id":"CVE-2019-2523","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98ty-spyd-tka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203242?format=json","vulnerability_id":"VCID-9dsa-x4gg-kbg1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2448","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36671","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36645","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2448"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2448","reference_id":"CVE-2019-2448","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dsa-x4gg-kbg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43263?format=json","vulnerability_id":"VCID-9f1p-jj8b-r3fn","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2454","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46975","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46973","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46957","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46974","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46921","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2454"},{"reference_url":"https://security.archlinux.org/ASA-202107-52","reference_id":"ASA-202107-52","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-52"},{"reference_url":"https://security.archlinux.org/AVG-2187","reference_id":"AVG-2187","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2187"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T19:25:21Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942228?format=json","purl":"pkg:deb/debian/virtualbox@6.1.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2454"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f1p-jj8b-r3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/225955?format=json","vulnerability_id":"VCID-9hwa-xmhr-nqf9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 5.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21161","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23238","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23294","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23261","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23311","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21161"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2024.html","reference_id":"cpujul2024.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T16:25:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942240?format=json","purl":"pkg:deb/debian/virtualbox@7.0.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hwa-xmhr-nqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203338?format=json","vulnerability_id":"VCID-9mq9-4pj2-3ygp","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2525","reference_id":"","reference_type":"","scores":[{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93414","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2525"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2525","reference_id":"CVE-2019-2525","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2525"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2525"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mq9-4pj2-3ygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344229?format=json","vulnerability_id":"VCID-9nhh-x1t1-uqcq","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 7.1 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21986","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05523","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0556","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05584","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05557","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21986"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T18:57:14Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nhh-x1t1-uqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171583?format=json","vulnerability_id":"VCID-9nw5-sjhs-qkcd","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3563","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43677","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43757","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43741","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43745","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43764","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43715","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43732","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3563"},{"reference_url":"https://www.exploit-db.com/exploits/41908/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:17Z/"}],"url":"https://www.exploit-db.com/exploits/41908/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:17Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97732","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:17Z/"}],"url":"http://www.securityfocus.com/bid/97732"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:17Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1103","reference_id":"CVE-2017-3563","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1103"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86-64/local/41908.txt","reference_id":"CVE-2017-3563","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86-64/local/41908.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3563","reference_id":"CVE-2017-3563","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3563"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3563"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nw5-sjhs-qkcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330588?format=json","vulnerability_id":"VCID-9qg2-42zm-muh3","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53028","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11434","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11669","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53028"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:08Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53028"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qg2-42zm-muh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47404?format=json","vulnerability_id":"VCID-9tnw-s9e9-1ugm","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2876","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35797","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35828","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2876"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:56Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:56Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2876"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tnw-s9e9-1ugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335958?format=json","vulnerability_id":"VCID-9v12-3puz-dfee","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62641","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08959","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08919","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08899","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09009","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62641"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-23T03:55:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62641"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v12-3puz-dfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142720?format=json","vulnerability_id":"VCID-9xpz-a6pw-mqbh","summary":"Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core.  NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to \"draw more lines than necessary.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0420","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2962","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29695","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29675","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29712","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29715","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29671","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0420"},{"reference_url":"https://bugzilla.novell.com/show_bug.cgi?id=798776","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.novell.com/show_bug.cgi?id=798776"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763"},{"reference_url":"https://www.virtualbox.org/changeset/44055/vbox","reference_id":"","reference_type":"","scores":[],"url":"https://www.virtualbox.org/changeset/44055/vbox"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698292","reference_id":"698292","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698292"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtualization:4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtualization:4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0420","reference_id":"CVE-2013-0420","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0420"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942190?format=json","purl":"pkg:deb/debian/virtualbox@4.1.18-dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.1.18-dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2013-0420"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xpz-a6pw-mqbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335940?format=json","vulnerability_id":"VCID-a99c-5ky1-jbhm","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62588","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07651","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0774","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62588"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-23T03:55:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62588"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a99c-5ky1-jbhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47425?format=json","vulnerability_id":"VCID-ace3-vcfx-fkby","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14694","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14694"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:33Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:33Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-899/","reference_id":"ZDI-20-899","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:33Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-899/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14694"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ace3-vcfx-fkby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47460?format=json","vulnerability_id":"VCID-ajb5-u5rp-5bhr","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:13Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2958","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2958"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2958","reference_id":"CVE-2020-2958","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2958"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:13Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2958"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajb5-u5rp-5bhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184746?format=json","vulnerability_id":"VCID-akcu-srak-rqcy","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3294","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67575","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67615","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67648","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67539","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67626","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67639","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3294"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:54Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105624","reference_id":"105624","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:54Z/"}],"url":"http://www.securityfocus.com/bid/105624"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3294"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akcu-srak-rqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344203?format=json","vulnerability_id":"VCID-am22-e2qp-abgn","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21956","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12868","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13016","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12945","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21956"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:39Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21956"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am22-e2qp-abgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171594?format=json","vulnerability_id":"VCID-aps4-nm33-kqft","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3575","reference_id":"","reference_type":"","scores":[{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66901","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.6694","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66989","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67001","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67007","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66976","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66939","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66965","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3575"},{"reference_url":"https://www.exploit-db.com/exploits/41906/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:37Z/"}],"url":"https://www.exploit-db.com/exploits/41906/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:37Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97755","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:37Z/"}],"url":"http://www.securityfocus.com/bid/97755"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:37Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1136","reference_id":"CVE-2017-3575","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1136"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41906.txt","reference_id":"CVE-2017-3575","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41906.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3575","reference_id":"CVE-2017-3575","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:P/A:P"},{"value":"7.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aps4-nm33-kqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47444?format=json","vulnerability_id":"VCID-atbb-6wy4-yqek","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2742","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37621","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37669","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37519","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2742"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:43Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-499/","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:43Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-499/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2742","reference_id":"CVE-2020-2742","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2742"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:43Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2742"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atbb-6wy4-yqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203358?format=json","vulnerability_id":"VCID-au36-g2mp-gke6","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:10Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2548","reference_id":"","reference_type":"","scores":[{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88215","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88164","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.8818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88186","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2548"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:10Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2548","reference_id":"CVE-2019-2548","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2548"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2548"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au36-g2mp-gke6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33692?format=json","vulnerability_id":"VCID-b2p9-bca1-ukab","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39422","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22511","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22525","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22437","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39422"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T15:25:18Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942234?format=json","purl":"pkg:deb/debian/virtualbox@6.1.38-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.38-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39422"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2p9-bca1-ukab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47441?format=json","vulnerability_id":"VCID-b4jd-jct3-n3h1","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2575","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37591","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37773","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37727","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3774","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37718","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37691","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37798","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2575"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:10Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-582/","reference_id":"ZDI-20-582","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:10Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-582/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4jd-jct3-n3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59756?format=json","vulnerability_id":"VCID-bbt5-dq5n-ebcb","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5610","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19263","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19363","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19367","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19317","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19335","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19469","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19234","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19312","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5610"},{"reference_url":"http://www.securityfocus.com/bid/93711","reference_id":"93711","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:50Z/"}],"url":"http://www.securityfocus.com/bid/93711"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:50Z/"}],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942207?format=json","purl":"pkg:deb/debian/virtualbox@5.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5610"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbt5-dq5n-ebcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61116?format=json","vulnerability_id":"VCID-bck2-r9jw-ducn","summary":"security update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4896","reference_id":"","reference_type":"","scores":[{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81131","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81067","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.811","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81128","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81134","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81152","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81138","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896"},{"reference_url":"http://www.debian.org/security/2015/dsa-3384","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3384"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"},{"reference_url":"http://www.securityfocus.com/bid/77198","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77198"},{"reference_url":"http://www.securitytracker.com/id/1033880","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1033880"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4896","reference_id":"CVE-2015-4896","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942200?format=json","purl":"pkg:deb/debian/virtualbox@5.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-4896"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bck2-r9jw-ducn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37860?format=json","vulnerability_id":"VCID-bgsu-2ev5-yubb","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2119","reference_id":"","reference_type":"","scores":[{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88035","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88058","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88064","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88083","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88089","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88099","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03803","scoring_system":"epss","scoring_elements":"0.88045","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2119"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:29Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"},{"reference_url":"https://security.gentoo.org/glsa/202104-08","reference_id":"GLSA-202104-08","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:29Z/"}],"url":"https://security.gentoo.org/glsa/202104-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2119"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgsu-2ev5-yubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287431?format=json","vulnerability_id":"VCID-bhj1-1vgd-3qe1","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21998","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11374","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11444","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11503","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11291","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11373","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11437","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21998"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21998"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhj1-1vgd-3qe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43324?format=json","vulnerability_id":"VCID-bjuy-m181-rkbm","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35545","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14649","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14798","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14756","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14769","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14844","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35545"},{"reference_url":"https://security.archlinux.org/ASA-202110-3","reference_id":"ASA-202110-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-3"},{"reference_url":"https://security.archlinux.org/AVG-2476","reference_id":"AVG-2476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2476"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T19:15:03Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942229?format=json","purl":"pkg:deb/debian/virtualbox@6.1.28-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.28-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-35545"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjuy-m181-rkbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344202?format=json","vulnerability_id":"VCID-bmx5-9hrx-5be9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21955","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12868","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13016","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12945","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21955"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21955"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmx5-9hrx-5be9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48567?format=json","vulnerability_id":"VCID-bpdw-gp87-k3fw","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2845","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3053","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30584","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30617","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3062","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30576","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30529","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30667","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30713","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2845"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:26:43Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103861","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:26:43Z/"}],"url":"http://www.securityfocus.com/bid/103861"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:26:43Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2845","reference_id":"CVE-2018-2845","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2845"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:26:43Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2845"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpdw-gp87-k3fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203317?format=json","vulnerability_id":"VCID-bq98-t2fh-8ud5","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2509","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38325","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38262","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38421","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38335","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2509"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2509","reference_id":"CVE-2019-2509","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2509"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq98-t2fh-8ud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203313?format=json","vulnerability_id":"VCID-bqur-e23f-aydg","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2506","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30035","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30071","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30075","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29975","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2506"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:06Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:06Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2506","reference_id":"CVE-2019-2506","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2506"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqur-e23f-aydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/320944?format=json","vulnerability_id":"VCID-brjs-bfrf-jqbw","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30712","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2465","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24787","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24629","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24691","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30712"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103582","reference_id":"1103582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103582"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2025.html","reference_id":"cpuapr2025.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-16T14:40:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-30712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brjs-bfrf-jqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165541?format=json","vulnerability_id":"VCID-bwcf-n9zd-47gc","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10392","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16707","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16761","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16741","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16698","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16607","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1678","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16837","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16622","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10392"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:26Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/101368","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:26Z/"}],"url":"http://www.securityfocus.com/bid/101368"},{"reference_url":"http://www.securitytracker.com/id/1039599","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:26Z/"}],"url":"http://www.securitytracker.com/id/1039599"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10392","reference_id":"CVE-2017-10392","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10392"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942210?format=json","purl":"pkg:deb/debian/virtualbox@5.1.30-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.30-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10392"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwcf-n9zd-47gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39913?format=json","vulnerability_id":"VCID-bywa-gvfr-c3ga","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2686","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2686"},{"reference_url":"http://www.securityfocus.com/bid/102690","reference_id":"102690","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:19:55Z/"}],"url":"http://www.securityfocus.com/bid/102690"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:19:55Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2686"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bywa-gvfr-c3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335939?format=json","vulnerability_id":"VCID-c2nv-y5d9-6kbn","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62587","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07651","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0774","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-23T03:55:29Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62587"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nv-y5d9-6kbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203521?format=json","vulnerability_id":"VCID-c5gc-zj9e-x7hs","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2678","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35478","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35399","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35278","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35385","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35465","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35422","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2678"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2678"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5gc-zj9e-x7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43115?format=json","vulnerability_id":"VCID-c7w5-yk8d-qkfb","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2280","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36171","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36195","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36058","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36122","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2280"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:42:45Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2280"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7w5-yk8d-qkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165557?format=json","vulnerability_id":"VCID-c93q-cw62-1ubw","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10408","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15852","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15979","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1592","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15904","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15832","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10408"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/101371","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:10Z/"}],"url":"http://www.securityfocus.com/bid/101371"},{"reference_url":"http://www.securitytracker.com/id/1039599","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:10Z/"}],"url":"http://www.securitytracker.com/id/1039599"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10408","reference_id":"CVE-2017-10408","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942210?format=json","purl":"pkg:deb/debian/virtualbox@5.1.30-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.30-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c93q-cw62-1ubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48568?format=json","vulnerability_id":"VCID-catz-2uta-3fgf","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2860","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36316","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36434","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36441","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36406","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36492","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36526","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2860"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:55Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103860","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:55Z/"}],"url":"http://www.securityfocus.com/bid/103860"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:55Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2860","reference_id":"CVE-2018-2860","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2860"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:55Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2860"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-catz-2uta-3fgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43136?format=json","vulnerability_id":"VCID-cm61-d57b-1qhq","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2285","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39875","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3997","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.4001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40049","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2285"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:53Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2285"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm61-d57b-1qhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37849?format=json","vulnerability_id":"VCID-cm69-aycs-kfh2","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2111","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37106","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37007","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37183","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37212","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37043","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2111"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:41Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2111"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm69-aycs-kfh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33901?format=json","vulnerability_id":"VCID-cmjk-znxb-afgy","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2727","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33157","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33286","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3315","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33194","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33227","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33229","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33166","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33318","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2727"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:00Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:00Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmjk-znxb-afgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43205?format=json","vulnerability_id":"VCID-ctc7-nx1g-quh9","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2310","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45844","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45862","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45918","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45916","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45938","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45909","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2310"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T13:58:49Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-456/","reference_id":"ZDI-21-456","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T13:58:49Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-456/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2310"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctc7-nx1g-quh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47427?format=json","vulnerability_id":"VCID-cud1-bcu6-1ydf","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14695","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14695"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:31Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:31Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:31Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-900/","reference_id":"ZDI-20-900","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:31Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-900/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14695"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cud1-bcu6-1ydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33887?format=json","vulnerability_id":"VCID-d3da-xmrq-bfd2","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2690","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67462","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67498","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67497","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67549","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67586","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67539","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67519","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2690"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:46Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:46Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2690"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3da-xmrq-bfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80912?format=json","vulnerability_id":"VCID-d499-x9kv-bydk","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0592","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25619","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25703","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25775","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25817","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25587","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.2566","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25676","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0592"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"},{"reference_url":"http://www.debian.org/security/2016/dsa-3454","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3454"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.securityfocus.com/bid/81224","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/81224"},{"reference_url":"http://www.securitytracker.com/id/1034731","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034731"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0592","reference_id":"CVE-2016-0592","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942203?format=json","purl":"pkg:deb/debian/virtualbox@5.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-0592"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d499-x9kv-bydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43338?format=json","vulnerability_id":"VCID-d4fu-pyuk-vfcq","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21394","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31479","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31525","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31517","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31653","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21394"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T17:43:53Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-22-128/","reference_id":"ZDI-22-128","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T17:43:53Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-128/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942230?format=json","purl":"pkg:deb/debian/virtualbox@6.1.32-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.32-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21394"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4fu-pyuk-vfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47451?format=json","vulnerability_id":"VCID-d5gm-n8uu-rfgw","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:35Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2907","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37204","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37225","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.373","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37267","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37239","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2907"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:35Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-509/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:35Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-509/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-510/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:35Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-510/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2907","reference_id":"CVE-2020-2907","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2907"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:35Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2907"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gm-n8uu-rfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344226?format=json","vulnerability_id":"VCID-d9ub-1pgd-bfc2","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21983","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08177","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21983"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:23Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9ub-1pgd-bfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4037?format=json","vulnerability_id":"VCID-dc9p-tdf1-h7ad","summary":"x86: CPU lockup during exception delivery","references":[{"reference_url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed","reference_id":"","reference_type":"","scores":[],"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2636.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-2636.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2645.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-2645.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0046.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0046.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5307.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5307","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26583","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26563","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26631","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26686","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"},{"reference_url":"https://kb.juniper.net/JSA10783","reference_id":"","reference_type":"","scores":[],"url":"https://kb.juniper.net/JSA10783"},{"reference_url":"http://support.citrix.com/article/CTX202583","reference_id":"","reference_type":"","scores":[],"url":"http://support.citrix.com/article/CTX202583"},{"reference_url":"http://www.debian.org/security/2015/dsa-3396","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3396"},{"reference_url":"http://www.debian.org/security/2015/dsa-3414","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3414"},{"reference_url":"http://www.debian.org/security/2016/dsa-3454","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3454"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/10/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/11/10/6"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/77528","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77528"},{"reference_url":"http://www.securitytracker.com/id/1034105","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034105"},{"reference_url":"http://www.ubuntu.com/usn/USN-2800-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2800-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2801-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2801-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2802-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2802-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2803-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2803-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2804-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2804-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2805-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2805-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2806-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2806-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2807-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2807-1"},{"reference_url":"http://xenbits.xen.org/xsa/advisory-156.html","reference_id":"","reference_type":"","scores":[],"url":"http://xenbits.xen.org/xsa/advisory-156.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277172","reference_id":"1277172","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277172"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:xen:xen:4.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:xen:xen:4.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5307","reference_id":"CVE-2015-5307","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2552","reference_id":"RHSA-2015:2552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2587","reference_id":"RHSA-2015:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2636","reference_id":"RHSA-2015:2636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2645","reference_id":"RHSA-2015:2645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0004","reference_id":"RHSA-2016:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0024","reference_id":"RHSA-2016:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0046","reference_id":"RHSA-2016:0046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0046"},{"reference_url":"https://usn.ubuntu.com/2800-1/","reference_id":"USN-2800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2800-1/"},{"reference_url":"https://usn.ubuntu.com/2801-1/","reference_id":"USN-2801-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2801-1/"},{"reference_url":"https://usn.ubuntu.com/2802-1/","reference_id":"USN-2802-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2802-1/"},{"reference_url":"https://usn.ubuntu.com/2803-1/","reference_id":"USN-2803-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2803-1/"},{"reference_url":"https://usn.ubuntu.com/2804-1/","reference_id":"USN-2804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2804-1/"},{"reference_url":"https://usn.ubuntu.com/2805-1/","reference_id":"USN-2805-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2805-1/"},{"reference_url":"https://usn.ubuntu.com/2806-1/","reference_id":"USN-2806-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2806-1/"},{"reference_url":"https://usn.ubuntu.com/2807-1/","reference_id":"USN-2807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2807-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-156.html","reference_id":"XSA-156","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-156.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942202?format=json","purl":"pkg:deb/debian/virtualbox@5.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-5307"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc9p-tdf1-h7ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59751?format=json","vulnerability_id":"VCID-dcc4-hs9f-j7dd","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6589","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29925","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.30015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29891","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29836","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942196?format=json","purl":"pkg:deb/debian/virtualbox@4.3.18-dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.18-dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-6589"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcc4-hs9f-j7dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73606?format=json","vulnerability_id":"VCID-dedn-32wh-qkb2","summary":"Core: From CVEorg collector","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21248.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21248.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21248","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07747","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07685","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07683","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07742","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21248"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440","reference_id":"1085440","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318928","reference_id":"2318928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318928"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21248"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dedn-32wh-qkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330587?format=json","vulnerability_id":"VCID-dfw3-akg3-t7d7","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53027","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11434","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11669","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53027"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:09Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53027"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfw3-akg3-t7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344224?format=json","vulnerability_id":"VCID-dhj9-zmhu-afe9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.6 (Confidentiality and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21981","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04816","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04841","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04913","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04896","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21981"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:30:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21981"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhj9-zmhu-afe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203308?format=json","vulnerability_id":"VCID-dkdd-7m85-kuc7","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2501","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27083","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2501"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:14Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:14Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2501","reference_id":"CVE-2019-2501","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2501"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkdd-7m85-kuc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268119?format=json","vulnerability_id":"VCID-dktf-rdh8-w7bf","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21295","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14711","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14763","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14731","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14749","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21295"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21295"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dktf-rdh8-w7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344230?format=json","vulnerability_id":"VCID-dn5h-hfy6-sfaq","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21987","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03093","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21987"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:21Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21987"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dn5h-hfy6-sfaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43220?format=json","vulnerability_id":"VCID-dqvw-8yu6-gub8","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2312","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1876","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18666","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1867","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18622","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18623","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18531","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18611","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2312"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:32Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2312"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqvw-8yu6-gub8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287432?format=json","vulnerability_id":"VCID-dss7-vc8q-mbg9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21999","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18398","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18547","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18311","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18394","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18446","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21999"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21999"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dss7-vc8q-mbg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/227074?format=json","vulnerability_id":"VCID-dud3-fxh1-jybc","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21103","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42127","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42093","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42105","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21103"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:14Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21103"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dud3-fxh1-jybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59752?format=json","vulnerability_id":"VCID-dwcj-32w6-8fb3","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6590","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29925","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.30015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29891","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29836","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942196?format=json","purl":"pkg:deb/debian/virtualbox@4.3.18-dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.18-dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-6590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwcj-32w6-8fb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330586?format=json","vulnerability_id":"VCID-e1gx-4c87-wqf3","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53026","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08423","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08396","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08468","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08487","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0868","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T20:20:15Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1gx-4c87-wqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43259?format=json","vulnerability_id":"VCID-e56x-6vc2-4qgk","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2443","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16532","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16586","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16402","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16583","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16446","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2443"},{"reference_url":"https://security.archlinux.org/ASA-202107-52","reference_id":"ASA-202107-52","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-52"},{"reference_url":"https://security.archlinux.org/AVG-2187","reference_id":"AVG-2187","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2187"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T19:15:25Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942228?format=json","purl":"pkg:deb/debian/virtualbox@6.1.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2443"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e56x-6vc2-4qgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43116?format=json","vulnerability_id":"VCID-e7tk-fpb8-yugw","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2281","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38435","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38421","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3836","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38497","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38384","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2281"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:42:44Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2281"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7tk-fpb8-yugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33882?format=json","vulnerability_id":"VCID-eebz-f2ee-8qan","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2678","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34563","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34776","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34724","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34751","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34692","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34802","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2678"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:02:03Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:02:03Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2678"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eebz-f2ee-8qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37890?format=json","vulnerability_id":"VCID-ejgu-35ae-7ydr","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2126","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36064","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36104","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35995","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36054","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2126"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:15Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2126"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejgu-35ae-7ydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47418?format=json","vulnerability_id":"VCID-eqve-qqdp-13ah","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14650","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14650"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:31Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:31Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:31Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-892/","reference_id":"ZDI-20-892","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:31Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-892/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14650"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqve-qqdp-13ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330584?format=json","vulnerability_id":"VCID-eqxt-m8mj-27f7","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53024","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11434","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11669","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53024"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-16T03:56:10Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53024"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqxt-m8mj-27f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48562?format=json","vulnerability_id":"VCID-eum3-cpfq-gfeh","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2836","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3334","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2836"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:48Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103858","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:48Z/"}],"url":"http://www.securityfocus.com/bid/103858"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:48Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2836","reference_id":"CVE-2018-2836","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2836"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:48Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eum3-cpfq-gfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55712?format=json","vulnerability_id":"VCID-ey8n-hxv6-9yhp","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5892","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19826","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19973","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19758","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19899","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19797","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410","reference_id":"735410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410"},{"reference_url":"https://security.gentoo.org/glsa/201401-13","reference_id":"GLSA-201401-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942192?format=json","purl":"pkg:deb/debian/virtualbox@4.3.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2013-5892"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ey8n-hxv6-9yhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48561?format=json","vulnerability_id":"VCID-ezds-9crc-1ue9","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2835","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3334","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2835"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:43Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103857","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:43Z/"}],"url":"http://www.securityfocus.com/bid/103857"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:43Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2835","reference_id":"CVE-2018-2835","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2835"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:43Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2835"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezds-9crc-1ue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37819?format=json","vulnerability_id":"VCID-f16m-ykmk-a7by","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14886","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.343","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34193","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34266","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34225","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34201","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34329","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14886"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:42:59Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1280/","reference_id":"ZDI-20-1280","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:42:59Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1280/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14886"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f16m-ykmk-a7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47401?format=json","vulnerability_id":"VCID-f19n-sjcc-g3dc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2874","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35797","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35828","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2874"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:59Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:59Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2874"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f19n-sjcc-g3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287446?format=json","vulnerability_id":"VCID-f1vr-5vj5-7kgz","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.46 and  Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22018","reference_id":"","reference_type":"","scores":[{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68817","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6884","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68769","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00792","scoring_system":"epss","scoring_elements":"0.73914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00792","scoring_system":"epss","scoring_elements":"0.73922","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22018"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2023.html","reference_id":"cpujul2023.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T17:48:46Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2023.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942237?format=json","purl":"pkg:deb/debian/virtualbox@7.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22018"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1vr-5vj5-7kgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33695?format=json","vulnerability_id":"VCID-f352-rez5-9uc4","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39425","reference_id":"","reference_type":"","scores":[{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92253","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92259","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92238","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39425"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T14:19:43Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39425"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f352-rez5-9uc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184497?format=json","vulnerability_id":"VCID-f4aa-tt4d-fudf","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3090","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3090"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:23Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:23Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:23Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3090","reference_id":"CVE-2018-3090","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3090"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3090"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4aa-tt4d-fudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203368?format=json","vulnerability_id":"VCID-f847-mc3r-mke3","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2555","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2555"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2555","reference_id":"CVE-2019-2555","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2555"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2555"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f847-mc3r-mke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43159?format=json","vulnerability_id":"VCID-f8a4-p5xx-sqab","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2296","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25945","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25904","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25956","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25921","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25862","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26027","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2296"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:47Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-459/","reference_id":"ZDI-21-459","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:47Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-459/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2296"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8a4-p5xx-sqab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37798?format=json","vulnerability_id":"VCID-farh-f8xm-sqg6","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14872","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14365","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14493","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1451","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14564","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14372","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14456","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14872"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:53:54Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14872"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-farh-f8xm-sqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203240?format=json","vulnerability_id":"VCID-ffa4-1vba-zbbc","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2446","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36671","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36645","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2446"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2446","reference_id":"CVE-2019-2446","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2446"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffa4-1vba-zbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47394?format=json","vulnerability_id":"VCID-fg1p-7ap7-2bbc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2859","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35115","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2859"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:39Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:39Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2859"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fg1p-7ap7-2bbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184739?format=json","vulnerability_id":"VCID-fhuf-7749-u7dd","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3290","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3290"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:00Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:00Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3290"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhuf-7749-u7dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33896?format=json","vulnerability_id":"VCID-fppm-1b8g-zfg9","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2704","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31486","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31569","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2704"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:32Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:32Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2704"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fppm-1b8g-zfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335942?format=json","vulnerability_id":"VCID-frtc-w4gw-pugj","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62590","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07651","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0774","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-23T03:55:32Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frtc-w4gw-pugj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43194?format=json","vulnerability_id":"VCID-fuce-smna-wych","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2309","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2616","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26051","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26117","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26174","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26129","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2607","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26241","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2309"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T13:58:52Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-461/","reference_id":"ZDI-21-461","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T13:58:52Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-461/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2309"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuce-smna-wych"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344204?format=json","vulnerability_id":"VCID-fuqf-teut-wugw","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21957","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08177","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21957"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:40Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuqf-teut-wugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47421?format=json","vulnerability_id":"VCID-fv28-4e9k-pqhv","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14675","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31565","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31601","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3174","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14675"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:48Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-895/","reference_id":"ZDI-20-895","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:48Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-895/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14675"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fv28-4e9k-pqhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59755?format=json","vulnerability_id":"VCID-fv7j-1ank-mffg","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5608","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17623","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17641","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17594","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17541","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17751","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17563","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5608"},{"reference_url":"http://www.securityfocus.com/bid/93718","reference_id":"93718","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:53Z/"}],"url":"http://www.securityfocus.com/bid/93718"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:53Z/"}],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942207?format=json","purl":"pkg:deb/debian/virtualbox@5.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5608"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fv7j-1ank-mffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203339?format=json","vulnerability_id":"VCID-g2r7-1vm7-a7h2","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:13Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2526","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2526"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:13Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:13Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2526","reference_id":"CVE-2019-2526","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2526"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2526"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2r7-1vm7-a7h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33868?format=json","vulnerability_id":"VCID-g2rq-w5bs-2qab","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2926","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38803","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38855","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38868","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38831","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38704","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38842","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38792","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2926"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:11Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2926","reference_id":"CVE-2019-2926","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2926"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:11Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:11Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2926"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2rq-w5bs-2qab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47396?format=json","vulnerability_id":"VCID-g4su-dvz9-5qhm","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2864","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36939","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36871","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37074","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36974","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2864"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:37Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:37Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2864"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4su-dvz9-5qhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59080?format=json","vulnerability_id":"VCID-ge84-ygny-wqe3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0377","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28734","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28782","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28589","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28654","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28652","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28605","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942197?format=json","purl":"pkg:deb/debian/virtualbox@4.3.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-0377"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ge84-ygny-wqe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47455?format=json","vulnerability_id":"VCID-gf6q-h34j-1uak","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:27Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2911","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37519","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37669","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37621","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2911"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:27Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-551/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:27Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-551/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2911","reference_id":"CVE-2020-2911","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2911"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:27Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2911"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gf6q-h34j-1uak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43128?format=json","vulnerability_id":"VCID-gguv-hvra-23ff","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2282","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36171","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36195","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36058","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36122","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2282"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:42:42Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2282"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gguv-hvra-23ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48566?format=json","vulnerability_id":"VCID-gjku-jvzb-dkca","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2844","reference_id":"","reference_type":"","scores":[{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87204","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.8723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87254","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87261","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03312","scoring_system":"epss","scoring_elements":"0.87214","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2844"},{"reference_url":"https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:59Z/"}],"url":"https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:59Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103855","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:59Z/"}],"url":"http://www.securityfocus.com/bid/103855"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:59Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2844","reference_id":"CVE-2018-2844","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2844"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:59Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2844"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjku-jvzb-dkca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203369?format=json","vulnerability_id":"VCID-gm8u-k7vg-fbes","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2556","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27052","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2711","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26979","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27047","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2556"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2556","reference_id":"CVE-2019-2556","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2556"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm8u-k7vg-fbes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184492?format=json","vulnerability_id":"VCID-gs15-h2mg-a3ap","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3087","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3087"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:26Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:26Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:26Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3087","reference_id":"CVE-2018-3087","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3087"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3087"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gs15-h2mg-a3ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47461?format=json","vulnerability_id":"VCID-gvqc-29xp-7qcn","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:53:31Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2959","reference_id":"","reference_type":"","scores":[{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79929","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79956","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79974","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.80003","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79979","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01335","scoring_system":"epss","scoring_elements":"0.79935","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2959"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:53:31Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2959","reference_id":"CVE-2020-2959","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2959"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:53:31Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2959"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvqc-29xp-7qcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33689?format=json","vulnerability_id":"VCID-gwa7-c3nu-77ey","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21627","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29519","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29595","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29416","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29479","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21627"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:20:53Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21627"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwa7-c3nu-77ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73594?format=json","vulnerability_id":"VCID-gx18-8hyk-m7es","summary":"Oracle VM VirtualBox: From CVEorg collector","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21253.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21253.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21253","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07872","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07902","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07832","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0788","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07834","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07891","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07915","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21253"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440","reference_id":"1085440","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318893","reference_id":"2318893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318893"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21253"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gx18-8hyk-m7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165430?format=json","vulnerability_id":"VCID-ha1c-82ym-fqah","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10235","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.8471","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84778","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84774","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84695","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.8473","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84731","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.8476","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10235"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:15Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99705","reference_id":"99705","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:15Z/"}],"url":"http://www.securityfocus.com/bid/99705"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10235"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ha1c-82ym-fqah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33891?format=json","vulnerability_id":"VCID-hcm2-8xf7-nubu","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2693","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35784","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35974","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35834","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35907","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35847","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.36003","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2693"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:41Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:41Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2693"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcm2-8xf7-nubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43352?format=json","vulnerability_id":"VCID-hdd2-3z2m-g3c6","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21465","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37055","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37183","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37106","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37212","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21465"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:07:54Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942231?format=json","purl":"pkg:deb/debian/virtualbox@6.1.34-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.34-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21465"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdd2-3z2m-g3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33696?format=json","vulnerability_id":"VCID-hhjz-qsx1-jfcq","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39426","reference_id":"","reference_type":"","scores":[{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85679","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.8569","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85705","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85701","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.8566","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39426"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T14:08:13Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39426"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhjz-qsx1-jfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56413?format=json","vulnerability_id":"VCID-hkxu-su3z-9fbv","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which might allow unauthorized changes to some critical or all\n    accessible data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5545","reference_id":"","reference_type":"","scores":[{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68635","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68654","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68664","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68571","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68589","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68636","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5545"},{"reference_url":"http://www.securitytracker.com/id/1037638","reference_id":"1037638","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:31:34Z/"}],"url":"http://www.securitytracker.com/id/1037638"},{"reference_url":"http://www.securityfocus.com/bid/95590","reference_id":"95590","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:31:34Z/"}],"url":"http://www.securityfocus.com/bid/95590"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","reference_id":"cpujan2017-2881727.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:31:34Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"},{"reference_url":"https://security.gentoo.org/glsa/201702-08","reference_id":"GLSA-201702-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:31:34Z/"}],"url":"https://security.gentoo.org/glsa/201702-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942208?format=json","purl":"pkg:deb/debian/virtualbox@5.1.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5545"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkxu-su3z-9fbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226842?format=json","vulnerability_id":"VCID-hp2a-p953-hye3","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21141","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48407","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48421","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48396","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48374","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48395","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48348","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48397","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21141"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2024.html","reference_id":"cpujul2024.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942240?format=json","purl":"pkg:deb/debian/virtualbox@7.0.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21141"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hp2a-p953-hye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39930?format=json","vulnerability_id":"VCID-hq6c-htk8-zkft","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2688","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2688"},{"reference_url":"http://www.securityfocus.com/bid/102692","reference_id":"102692","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:02Z/"}],"url":"http://www.securityfocus.com/bid/102692"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:02Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2688"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq6c-htk8-zkft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203531?format=json","vulnerability_id":"VCID-j15t-knfd-tfd1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2696","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34061","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2696"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j15t-knfd-tfd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165405?format=json","vulnerability_id":"VCID-j47a-mqs9-1kfg","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10209","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18019","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18112","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18039","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18256","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17957","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18104","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10209"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:50:17Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99709","reference_id":"99709","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:50:17Z/"}],"url":"http://www.securityfocus.com/bid/99709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10209"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j47a-mqs9-1kfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203367?format=json","vulnerability_id":"VCID-j5x9-e1ds-wfb9","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2554","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2554"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2554","reference_id":"CVE-2019-2554","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2554"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2554"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5x9-e1ds-wfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33900?format=json","vulnerability_id":"VCID-j65j-xs5w-muaj","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2726","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2726"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:54Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:54Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2726"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j65j-xs5w-muaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287434?format=json","vulnerability_id":"VCID-jefu-asf7-7bex","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22001","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12568","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12613","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12703","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12749","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12556","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12635","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12687","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12655","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jefu-asf7-7bex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278843?format=json","vulnerability_id":"VCID-jh4t-ec6v-v7h9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39427","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51168","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51213","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39427"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39427"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh4t-ec6v-v7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/320954?format=json","vulnerability_id":"VCID-jjh6-f68g-e3dp","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30725","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16643","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16699","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16623","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16708","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16762","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16742","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30725"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103582","reference_id":"1103582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103582"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2025.html","reference_id":"cpuapr2025.html","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:17:57Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-30725"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjh6-f68g-e3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171560?format=json","vulnerability_id":"VCID-k1y7-fwb1-dubc","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3538","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23917","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24016","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23973","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23938","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24064","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23887","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3538"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:31Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97698","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:31Z/"}],"url":"http://www.securityfocus.com/bid/97698"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:31Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3538","reference_id":"CVE-2017-3538","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3538"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942212?format=json","purl":"pkg:deb/debian/virtualbox@5.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3538"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1y7-fwb1-dubc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39952?format=json","vulnerability_id":"VCID-k564-k1kj-qfh1","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2690","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2690"},{"reference_url":"http://www.securityfocus.com/bid/102694","reference_id":"102694","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:19Z/"}],"url":"http://www.securityfocus.com/bid/102694"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:19Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2690"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k564-k1kj-qfh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344231?format=json","vulnerability_id":"VCID-k56n-ns61-fqe5","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21988","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03093","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21988"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:20Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k56n-ns61-fqe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43381?format=json","vulnerability_id":"VCID-k77g-at68-vyg4","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21571","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47808","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21571"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:53:52Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942232?format=json","purl":"pkg:deb/debian/virtualbox@6.1.36-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.36-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21571"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k77g-at68-vyg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61472?format=json","vulnerability_id":"VCID-kdee-sufv-bba9","summary":"Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which could lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22099","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26274","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2637","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26379","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26251","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26319","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22099"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202409-11","reference_id":"GLSA-202409-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942238?format=json","purl":"pkg:deb/debian/virtualbox@7.0.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22099"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdee-sufv-bba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33881?format=json","vulnerability_id":"VCID-khe6-uzj4-sfd8","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2674","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2674"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:42:02Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:42:02Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2674"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khe6-uzj4-sfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40280?format=json","vulnerability_id":"VCID-kjb5-7rhd-b7fm","summary":"Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21898","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16353","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16454","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16466","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16528","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16411","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153","reference_id":"1029153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153"},{"reference_url":"https://security.gentoo.org/glsa/202310-07","reference_id":"GLSA-202310-07","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:39:56Z/"}],"url":"https://security.gentoo.org/glsa/202310-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942235?format=json","purl":"pkg:deb/debian/virtualbox@7.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjb5-7rhd-b7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344233?format=json","vulnerability_id":"VCID-kjsq-rfp7-qbcx","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21990","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03093","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:18Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjsq-rfp7-qbcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59758?format=json","vulnerability_id":"VCID-kqa9-s6tz-tkf1","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5613","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23091","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23074","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22966","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2313","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23174","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23038","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5613"},{"reference_url":"http://www.securityfocus.com/bid/93728","reference_id":"93728","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:46Z/"}],"url":"http://www.securityfocus.com/bid/93728"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:46Z/"}],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942207?format=json","purl":"pkg:deb/debian/virtualbox@5.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5613"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqa9-s6tz-tkf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33890?format=json","vulnerability_id":"VCID-kqwv-5m3r-ukbr","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2692","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31486","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31569","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2692"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:43Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:43Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2692"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqwv-5m3r-ukbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165432?format=json","vulnerability_id":"VCID-kt56-5161-jfdw","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10237","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10237"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:12Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99667","reference_id":"99667","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:12Z/"}],"url":"http://www.securityfocus.com/bid/99667"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt56-5161-jfdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33884?format=json","vulnerability_id":"VCID-kyzm-9bx2-aybe","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2681","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31486","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31569","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2681"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:58Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:58Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2681"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyzm-9bx2-aybe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287424?format=json","vulnerability_id":"VCID-m15r-872d-vkev","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21990","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22933","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22989","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23093","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22882","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22955","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23026","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m15r-872d-vkev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40271?format=json","vulnerability_id":"VCID-m1vv-1mrr-dbah","summary":"Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21884","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11566","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11591","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11472","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21884"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153","reference_id":"1029153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153"},{"reference_url":"https://security.gentoo.org/glsa/202310-07","reference_id":"GLSA-202310-07","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T14:03:13Z/"}],"url":"https://security.gentoo.org/glsa/202310-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942235?format=json","purl":"pkg:deb/debian/virtualbox@7.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21884"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1vv-1mrr-dbah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47458?format=json","vulnerability_id":"VCID-m22x-94ab-xbh8","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:17Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2929","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4271","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42736","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42676","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42762","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42638","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2929"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-508/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:17Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-508/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2929","reference_id":"CVE-2020-2929","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2929"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:17Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2929"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m22x-94ab-xbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184468?format=json","vulnerability_id":"VCID-m7hw-8h89-4uaz","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3055","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60152","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60148","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60162","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6017","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60027","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60129","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60098","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3055"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:09:28Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:09:28Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:09:28Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3055","reference_id":"CVE-2018-3055","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:P"},{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3055"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3055"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7hw-8h89-4uaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335941?format=json","vulnerability_id":"VCID-magw-e9kz-yqex","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62589","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07651","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0774","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-23T03:55:31Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62589"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-magw-e9kz-yqex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147939?format=json","vulnerability_id":"VCID-mc5b-kap1-xbd4","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2487","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23894","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23961","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2398","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2487"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2487","reference_id":"CVE-2014-2487","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-2487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mc5b-kap1-xbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47448?format=json","vulnerability_id":"VCID-mkje-rc43-vkc9","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:34Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2894","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30609","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3061","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30667","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30699","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30704","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30613","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2894"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:34Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-581/","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:34Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-581/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2894","reference_id":"CVE-2020-2894","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2894"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:34Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkje-rc43-vkc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37804?format=json","vulnerability_id":"VCID-mpxx-4u9h-5qg3","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14881","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33961","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.343","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34193","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34266","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34225","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34201","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34329","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14881"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:43:02Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1278/","reference_id":"ZDI-20-1278","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:43:02Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1278/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14881"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpxx-4u9h-5qg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73573?format=json","vulnerability_id":"VCID-mq6q-nyqt-zqhx","summary":"Oracle Virtualization: From CVEorg collector","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21273.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21273.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21273","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18439","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18538","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18631","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18686","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18483","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18536","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21273"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440","reference_id":"1085440","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318878","reference_id":"2318878","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318878"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21273"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq6q-nyqt-zqhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43138?format=json","vulnerability_id":"VCID-mtk7-rr3s-1ua6","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2287","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39875","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3997","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.4001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40049","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2287"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:52Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2287"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtk7-rr3s-1ua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33694?format=json","vulnerability_id":"VCID-mv4s-yx7h-nqam","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39424","reference_id":"","reference_type":"","scores":[{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91306","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91313","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91287","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39424"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T14:22:03Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39424"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mv4s-yx7h-nqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47399?format=json","vulnerability_id":"VCID-my2u-yfbp-97df","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2867","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3179","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31657","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31733","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31736","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31696","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3166","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31834","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31653","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2867"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:34Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:34Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-963/","reference_id":"ZDI-19-963","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:34Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-963/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-964/","reference_id":"ZDI-19-964","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:34Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-964/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-965/","reference_id":"ZDI-19-965","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:34Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-965/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2867"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-my2u-yfbp-97df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48564?format=json","vulnerability_id":"VCID-mzqw-dysw-rfh7","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2842","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3334","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2842"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:02Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103853","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:02Z/"}],"url":"http://www.securityfocus.com/bid/103853"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:02Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2842","reference_id":"CVE-2018-2842","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2842"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:02Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2842"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzqw-dysw-rfh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/320950?format=json","vulnerability_id":"VCID-n2ce-z1qr-1kgy","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30719","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22136","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22191","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22212","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30719"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103582","reference_id":"1103582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103582"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2025.html","reference_id":"cpuapr2025.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:38:56Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-30719"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2ce-z1qr-1kgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47402?format=json","vulnerability_id":"VCID-n5cq-nhhv-gufx","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2875","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35797","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35828","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2875"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:57Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:57Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2875"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5cq-nhhv-gufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40281?format=json","vulnerability_id":"VCID-n5yh-21ya-n7ad","summary":"Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21899","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16353","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16454","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16466","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16528","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16411","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153","reference_id":"1029153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153"},{"reference_url":"https://security.gentoo.org/glsa/202310-07","reference_id":"GLSA-202310-07","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:39:54Z/"}],"url":"https://security.gentoo.org/glsa/202310-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942235?format=json","purl":"pkg:deb/debian/virtualbox@7.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5yh-21ya-n7ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203330?format=json","vulnerability_id":"VCID-ncnb-yj3d-zqd1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:19Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2520","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2520"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:19Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:19Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2520","reference_id":"CVE-2019-2520","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncnb-yj3d-zqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203522?format=json","vulnerability_id":"VCID-ngxv-3a1q-6bf3","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2679","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31085","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31095","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31262","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31083","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31135","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31173","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31129","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2679"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2679"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngxv-3a1q-6bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56642?format=json","vulnerability_id":"VCID-nmm4-nj3z-9qdb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0981","reference_id":"","reference_type":"","scores":[{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91033","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91038","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91068","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91074","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91083","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06475","scoring_system":"epss","scoring_elements":"0.91084","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0983","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0983"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741602","reference_id":"741602","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741602"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/32208.txt","reference_id":"CVE-2014-0983;CVE-2014-0982;CVE-2014-0981;OSVDB-104354;OSVDB-104353;OSVDB-104352","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/32208.txt"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942193?format=json","purl":"pkg:deb/debian/virtualbox@4.3.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-0981"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmm4-nj3z-9qdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226822?format=json","vulnerability_id":"VCID-nngp-de3b-v7f9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21164","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24238","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24338","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24371","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24154","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24264","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21164"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2024.html","reference_id":"cpujul2024.html","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T14:44:46Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942240?format=json","purl":"pkg:deb/debian/virtualbox@7.0.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nngp-de3b-v7f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37808?format=json","vulnerability_id":"VCID-nnum-bqqa-fyfx","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14884","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39952","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40099","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40112","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40084","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40125","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14884"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:43:01Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1279/","reference_id":"ZDI-20-1279","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:43:01Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1279/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14884"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnum-bqqa-fyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33899?format=json","vulnerability_id":"VCID-npcf-ak1s-tbe7","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2725","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35573","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35769","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35721","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35744","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35795","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2725"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:03Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:03Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2725"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npcf-ak1s-tbe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47428?format=json","vulnerability_id":"VCID-nqkb-c7nt-17fj","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14698","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14698"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:29Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-901/","reference_id":"ZDI-20-901","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:29Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-901/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14698"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqkb-c7nt-17fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43359?format=json","vulnerability_id":"VCID-nr3b-wh76-gqdj","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21487","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13646","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13775","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13711","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13762","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13732","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13695","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13831","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21487"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T18:36:39Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942231?format=json","purl":"pkg:deb/debian/virtualbox@6.1.34-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.34-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nr3b-wh76-gqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43371?format=json","vulnerability_id":"VCID-nsk9-6w9h-hbes","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21488","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19549","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19519","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19652","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19656","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19608","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19795","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21488"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T18:36:38Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942231?format=json","purl":"pkg:deb/debian/virtualbox@6.1.34-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.34-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsk9-6w9h-hbes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33870?format=json","vulnerability_id":"VCID-nvsw-y77g-dfg2","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2984","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37836","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.3771","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37794","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2984"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:50Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2984","reference_id":"CVE-2019-2984","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2984"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:50Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:50Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvsw-y77g-dfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40279?format=json","vulnerability_id":"VCID-nwhw-7q9q-cfgq","summary":"Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21889","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22298","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22181","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22264","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21889"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153","reference_id":"1029153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153"},{"reference_url":"https://security.gentoo.org/glsa/202310-07","reference_id":"GLSA-202310-07","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T14:03:07Z/"}],"url":"https://security.gentoo.org/glsa/202310-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942235?format=json","purl":"pkg:deb/debian/virtualbox@7.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21889"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwhw-7q9q-cfgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203364?format=json","vulnerability_id":"VCID-nygk-v118-wfa9","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2552","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2552"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:09Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:09Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2552","reference_id":"CVE-2019-2552","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2552"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nygk-v118-wfa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48563?format=json","vulnerability_id":"VCID-nyw9-n4q9-yycg","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2837","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3334","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2837"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:41Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103859","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:41Z/"}],"url":"http://www.securityfocus.com/bid/103859"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:41Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2837","reference_id":"CVE-2018-2837","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2837"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:41Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyw9-n4q9-yycg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148926?format=json","vulnerability_id":"VCID-p1vb-s1bn-cbhx","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4228","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29462","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29517","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29633","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29455","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29518","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29557","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29515","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4228"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94613","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94613"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/68601","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68601"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939","reference_id":"754939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4228","reference_id":"CVE-2014-4228","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942194?format=json","purl":"pkg:deb/debian/virtualbox@4.3.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-4228"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1vb-s1bn-cbhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37868?format=json","vulnerability_id":"VCID-p2kk-dt57-r7ap","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2121","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3779","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37803","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37782","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37654","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37835","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37861","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37739","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2121"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:24Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2121"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kk-dt57-r7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162092?format=json","vulnerability_id":"VCID-p3bj-xmqm-73fe","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5501","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1444","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14545","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14437","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14491","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5501"},{"reference_url":"http://www.securityfocus.com/bid/93687","reference_id":"93687","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T17:47:07Z/"}],"url":"http://www.securityfocus.com/bid/93687"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942207?format=json","purl":"pkg:deb/debian/virtualbox@5.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5501"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3bj-xmqm-73fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73589?format=json","vulnerability_id":"VCID-pfke-a98y-akej","summary":"Oracle Virtualization: From CVEorg collector","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21259.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21259","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19656","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19762","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19713","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19844","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19898","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19627","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19707","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19758","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440","reference_id":"1085440","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318872","reference_id":"2318872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318872"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfke-a98y-akej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171581?format=json","vulnerability_id":"VCID-pfqq-62vj-xqes","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3561","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4469","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44783","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44785","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4477","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3561"},{"reference_url":"https://www.exploit-db.com/exploits/41905/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:18Z/"}],"url":"https://www.exploit-db.com/exploits/41905/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:18Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97730","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:18Z/"}],"url":"http://www.securityfocus.com/bid/97730"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:18Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1091","reference_id":"CVE-2017-3561","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1091"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41905.txt","reference_id":"CVE-2017-3561","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41905.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3561","reference_id":"CVE-2017-3561","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3561"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3561"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfqq-62vj-xqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56643?format=json","vulnerability_id":"VCID-pq4m-djh5-hbb6","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0983","reference_id":"","reference_type":"","scores":[{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93739","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.9377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93772","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93777","published_at":"2026-04-11T12:55:00Z"},{"value":"0.12015","scoring_system":"epss","scoring_elements":"0.93778","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0983"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0983","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0983"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741602","reference_id":"741602","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741602"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86-64/remote/34334.rb","reference_id":"CVE-2015-4523;OSVDB-104354;CVE-2014-0983","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86-64/remote/34334.rb"},{"reference_url":"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities","reference_id":"CVE-2015-4523;OSVDB-104354;CVE-2014-0983","reference_type":"exploit","scores":[],"url":"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942193?format=json","purl":"pkg:deb/debian/virtualbox@4.3.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-0983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq4m-djh5-hbb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43146?format=json","vulnerability_id":"VCID-puye-vcas-s7dv","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2291","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38203","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38239","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62125","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62186","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62217","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2291"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:50Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-457/","reference_id":"ZDI-21-457","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:50Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-457/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2291"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-puye-vcas-s7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184735?format=json","vulnerability_id":"VCID-pz6x-vubk-5kaq","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3288","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63416","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63381","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63277","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63364","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6333","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3288"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:03Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:03Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3288"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6x-vubk-5kaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171578?format=json","vulnerability_id":"VCID-q4r8-w7tf-ykab","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3558","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36401","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36442","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36494","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36514","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36521","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36485","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36462","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36572","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36605","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3558"},{"reference_url":"https://www.exploit-db.com/exploits/41904/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:45Z/"}],"url":"https://www.exploit-db.com/exploits/41904/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:45Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97744","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:45Z/"}],"url":"http://www.securityfocus.com/bid/97744"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:45Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1086","reference_id":"CVE-2017-3558","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1086"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/41904.txt","reference_id":"CVE-2017-3558","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/41904.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3558","reference_id":"CVE-2017-3558","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3558"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3558"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4r8-w7tf-ykab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37842?format=json","vulnerability_id":"VCID-q5ca-n4hk-r3fj","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2086","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40518","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40548","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.4057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40626","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2086"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:54:18Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2086"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5ca-n4hk-r3fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/344232?format=json","vulnerability_id":"VCID-q879-2fzs-7fha","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.14 and  7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21989","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03093","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21989"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117","reference_id":"1126117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126117"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:19Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942244?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2026-21989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q879-2fzs-7fha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47419?format=json","vulnerability_id":"VCID-q9ws-v22k-t7a5","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14673","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14673"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:08Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:08Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:08Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-898/","reference_id":"ZDI-20-898","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:57:08Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-898/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14673"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ws-v22k-t7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33687?format=json","vulnerability_id":"VCID-qa11-rtug-wbee","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21621","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18505","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18557","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18698","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18752","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18469","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18549","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21621"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:20:56Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21621"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qa11-rtug-wbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184767?format=json","vulnerability_id":"VCID-qbhh-ywxu-jfad","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3309","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35495","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35463","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35319","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35543","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35425","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35471","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3309"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:37Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106572","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:37Z/"}],"url":"http://www.securityfocus.com/bid/106572"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3309","reference_id":"CVE-2018-3309","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3309"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942217?format=json","purl":"pkg:deb/debian/virtualbox@5.2.22-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.22-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3309"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbhh-ywxu-jfad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43089?format=json","vulnerability_id":"VCID-qbjr-mw28-9ufu","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2250","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35361","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35586","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35514","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35538","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35548","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3556","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2250"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:48:41Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-484/","reference_id":"ZDI-21-484","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T14:48:41Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-484/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2250"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbjr-mw28-9ufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33878?format=json","vulnerability_id":"VCID-qdk1-zzgr-dud2","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3028","reference_id":"","reference_type":"","scores":[{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61255","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61113","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61191","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61186","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3028"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:16Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3028","reference_id":"CVE-2019-3028","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3028"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:16Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:16Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3028"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdk1-zzgr-dud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184493?format=json","vulnerability_id":"VCID-qdz9-3a5m-aba8","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3088","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3088"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:25Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:25Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:25Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3088","reference_id":"CVE-2018-3088","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3088"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3088"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdz9-3a5m-aba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226188?format=json","vulnerability_id":"VCID-qekt-d11a-ryf5","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21107","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33486","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33445","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33449","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33483","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21107"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21107"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qekt-d11a-ryf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59754?format=json","vulnerability_id":"VCID-qerv-8955-dffm","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0427","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26554","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26381","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2645","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26403","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0427"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888","reference_id":"775888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942196?format=json","purl":"pkg:deb/debian/virtualbox@4.3.18-dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.18-dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-0427"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qerv-8955-dffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165406?format=json","vulnerability_id":"VCID-qgrq-fwx7-x3fu","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10210","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23371","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23224","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23442","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2335","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10210"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:50:15Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99640","reference_id":"99640","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:50:15Z/"}],"url":"http://www.securityfocus.com/bid/99640"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgrq-fwx7-x3fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226856?format=json","vulnerability_id":"VCID-qksu-f137-m7ge","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21110","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39861","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39827","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39851","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21110"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21110"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qksu-f137-m7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335944?format=json","vulnerability_id":"VCID-qsck-8nxx-zqbb","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are 7.1.12 and  7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62592","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04772","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04792","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04767","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04814","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62592"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542","reference_id":"1118542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118542"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T14:10:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942243?format=json","purl":"pkg:deb/debian/virtualbox@7.2.4-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.4-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-62592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsck-8nxx-zqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203245?format=json","vulnerability_id":"VCID-quny-rmp6-pygd","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2451","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2451"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2451","reference_id":"CVE-2019-2451","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quny-rmp6-pygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165436?format=json","vulnerability_id":"VCID-qx5v-d899-e7hs","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10241","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10241"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:02Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99687","reference_id":"99687","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:02Z/"}],"url":"http://www.securityfocus.com/bid/99687"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10241"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qx5v-d899-e7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33691?format=json","vulnerability_id":"VCID-qz6v-9x2t-73fk","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39421","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53638","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5362","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53548","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53574","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53543","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53592","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39421"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T15:25:19Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39421"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qz6v-9x2t-73fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37875?format=json","vulnerability_id":"VCID-qzab-crkk-zfba","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2123","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14901","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14951","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14878","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14882","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1493","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15007","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2123"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:20Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2123"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzab-crkk-zfba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41225?format=json","vulnerability_id":"VCID-r1pj-wxzf-5ubj","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird, the worst of which may allow user-assisted execution of\n    arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"},{"reference_url":"http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1980.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1980.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1981.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1981.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7183","reference_id":"","reference_type":"","scores":[{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89359","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89317","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89366","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89363","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89323","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89337","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89358","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7183"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa119","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa119"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1205157","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"},{"reference_url":"http://www.debian.org/security/2015/dsa-3393","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3393"},{"reference_url":"http://www.debian.org/security/2015/dsa-3406","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3406"},{"reference_url":"http://www.mozilla.org/security/announce/2015/mfsa2015-133.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/77415","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77415"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1034069","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034069"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753","reference_id":"","reference_type":"","scores":[],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"},{"reference_url":"http://www.ubuntu.com/usn/USN-2785-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2785-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2790-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2790-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2819-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2819-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269353","reference_id":"1269353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269353"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7183","reference_id":"CVE-2015-7183","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7183"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"},{"reference_url":"https://usn.ubuntu.com/2785-1/","reference_id":"USN-2785-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2785-1/"},{"reference_url":"https://usn.ubuntu.com/2790-1/","reference_id":"USN-2790-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2790-1/"},{"reference_url":"https://usn.ubuntu.com/2819-1/","reference_id":"USN-2819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2819-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942202?format=json","purl":"pkg:deb/debian/virtualbox@5.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-7183"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1pj-wxzf-5ubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55715?format=json","vulnerability_id":"VCID-r787-jbxe-xuhz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0407","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22787","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22957","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22866","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22939","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22846","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410","reference_id":"735410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410"},{"reference_url":"https://security.gentoo.org/glsa/201401-13","reference_id":"GLSA-201401-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942192?format=json","purl":"pkg:deb/debian/virtualbox@4.3.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-0407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r787-jbxe-xuhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165332?format=json","vulnerability_id":"VCID-rb61-s8yy-6fh1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10129","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50739","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50687","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50724","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5072","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50669","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10129"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"https://www.exploit-db.com/exploits/42426/","reference_id":"42426","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/"}],"url":"https://www.exploit-db.com/exploits/42426/"},{"reference_url":"http://www.securityfocus.com/bid/99638","reference_id":"99638","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/"}],"url":"http://www.securityfocus.com/bid/99638"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1296","reference_id":"CVE-2017-10129","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1296"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/42426.txt","reference_id":"CVE-2017-10129","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/42426.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10129"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rb61-s8yy-6fh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33874?format=json","vulnerability_id":"VCID-rcf8-5d9m-s3gc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3017","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34564","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34753","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34756","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34717","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34693","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34777","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34803","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3017"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-916/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:19Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-916/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:19Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3017","reference_id":"CVE-2019-3017","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3017"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:19Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:19Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcf8-5d9m-s3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287422?format=json","vulnerability_id":"VCID-rguu-gfvv-aud8","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21988","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22338","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22395","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22444","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22277","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22437","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rguu-gfvv-aud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47438?format=json","vulnerability_id":"VCID-rjcs-mufm-h7fs","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14713","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24944","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24871","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24885","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24985","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24827","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14713"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:19Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:19Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:19Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjcs-mufm-h7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47434?format=json","vulnerability_id":"VCID-rjg7-ntnn-2ya5","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14704","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37363","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37271","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3746","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14704"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:21Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-904/","reference_id":"ZDI-20-904","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:21Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-904/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14704"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjg7-ntnn-2ya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56583?format=json","vulnerability_id":"VCID-rpcf-ppp1-qbd1","summary":"Multiple vulnerabilities were found in VirtualBox, allowing local\n    attackers to gain escalated privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0111","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18783","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18836","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18555","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18635","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1869","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18694","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18595","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659950","reference_id":"659950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659950"},{"reference_url":"https://security.gentoo.org/glsa/201204-01","reference_id":"GLSA-201204-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942188?format=json","purl":"pkg:deb/debian/virtualbox@4.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2012-0111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpcf-ppp1-qbd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287425?format=json","vulnerability_id":"VCID-rty8-4f5g-a7ac","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21991","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17005","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17066","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1721","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16991","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17113","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21991"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21991"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rty8-4f5g-a7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47447?format=json","vulnerability_id":"VCID-ryh1-3n7p-4fd2","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:41Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2758","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37519","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37669","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37621","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2758"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-507/","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:41Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-507/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2758","reference_id":"CVE-2020-2758","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2758"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:41Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2758"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryh1-3n7p-4fd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165385?format=json","vulnerability_id":"VCID-sbtb-kwbk-43dj","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10187","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25194","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2529","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2527","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25275","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10187"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:50:49Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99711","reference_id":"99711","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:50:49Z/"}],"url":"http://www.securityfocus.com/bid/99711"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbtb-kwbk-43dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/315020?format=json","vulnerability_id":"VCID-segw-gnkd-6ybu","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.24 and  prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as  unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21571","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06001","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0602","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06098","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06088","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21571"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093879","reference_id":"1093879","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093879"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2025.html","reference_id":"cpujan2025.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T14:39:45Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-21571"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-segw-gnkd-6ybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226467?format=json","vulnerability_id":"VCID-sjnq-f8tq-d3d4","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21106","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3632","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36378","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36467","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3635","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36371","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21106"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-30T15:32:20Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjnq-f8tq-d3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37894?format=json","vulnerability_id":"VCID-sjun-jhtp-hfce","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2127","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41534","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41542","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41564","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41484","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2127"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:14Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2127"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjun-jhtp-hfce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33888?format=json","vulnerability_id":"VCID-sn3m-8amt-mbgg","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2691","reference_id":"","reference_type":"","scores":[{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61578","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61653","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61683","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61702","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61707","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2691"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:44Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:44Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2691"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sn3m-8amt-mbgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59757?format=json","vulnerability_id":"VCID-sn5s-ywa3-u7c1","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which allows local users to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5611","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14175","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14322","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14237","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14316","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14186","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14268","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5611"},{"reference_url":"http://www.securityfocus.com/bid/93744","reference_id":"93744","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:49Z/"}],"url":"http://www.securityfocus.com/bid/93744"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:48:49Z/"}],"url":"https://security.gentoo.org/glsa/201612-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942207?format=json","purl":"pkg:deb/debian/virtualbox@5.1.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-5611"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sn5s-ywa3-u7c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226350?format=json","vulnerability_id":"VCID-sqcp-u9uz-eugn","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21108","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36082","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36043","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36142","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36172","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36075","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21108"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T20:13:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21108"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqcp-u9uz-eugn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203553?format=json","vulnerability_id":"VCID-srpe-czby-jue9","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2721","reference_id":"","reference_type":"","scores":[{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79281","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79274","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79305","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79291","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79317","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.7935","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2721"},{"reference_url":"https://www.exploit-db.com/exploits/46747/","reference_id":"46747","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:41Z/"}],"url":"https://www.exploit-db.com/exploits/46747/"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1811","reference_id":"CVE-2019-2721","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1811"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/46747.txt","reference_id":"CVE-2019-2721","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/46747.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srpe-czby-jue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226729?format=json","vulnerability_id":"VCID-swkf-186u-1kgz","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21116","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42127","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42093","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42105","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21116"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-19T04:01:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21116"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swkf-186u-1kgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47400?format=json","vulnerability_id":"VCID-sxgh-wms4-hydr","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2873","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35797","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35828","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2873"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:00Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:00Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2873"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxgh-wms4-hydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203554?format=json","vulnerability_id":"VCID-sxh8-hd5p-7bfq","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2722","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35496","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35517","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35374","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35482","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35561","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2722"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-425/","reference_id":"ZDI-19-425","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:40Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-425/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2722"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxh8-hd5p-7bfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47453?format=json","vulnerability_id":"VCID-t1gj-aa8j-jucx","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:16Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2909","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45061","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45053","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45069","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45058","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.44972","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2909"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2909","reference_id":"CVE-2020-2909","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2909"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:16Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2909"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1gj-aa8j-jucx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47406?format=json","vulnerability_id":"VCID-t2ad-r1aw-x3d7","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2877","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35797","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35828","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2877"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:54Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:54Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2877"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ad-r1aw-x3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43185?format=json","vulnerability_id":"VCID-t3m7-zvcc-3qar","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2306","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20194","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20299","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20253","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.202","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20349","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20409","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20134","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2306"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:36Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2306"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3m7-zvcc-3qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48560?format=json","vulnerability_id":"VCID-t3xc-jcau-dyhc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2831","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29229","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2915","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29054","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29178","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2831"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:25:59Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103863","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:25:59Z/"}],"url":"http://www.securityfocus.com/bid/103863"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:25:59Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2831","reference_id":"CVE-2018-2831","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2831"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:25:59Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2831"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3xc-jcau-dyhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147931?format=json","vulnerability_id":"VCID-tcbn-c6e2-zycb","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2477","reference_id":"","reference_type":"","scores":[{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91748","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91756","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91782","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91789","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91792","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07491","scoring_system":"epss","scoring_elements":"0.91794","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2477"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://www.exploit-db.com/exploits/34333","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/34333"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/68613","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68613"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939","reference_id":"754939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2477","reference_id":"CVE-2014-2477","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2477"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/34333.rb","reference_id":"CVE-2014-2477;OSVDB-109152","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/34333.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942194?format=json","purl":"pkg:deb/debian/virtualbox@4.3.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-2477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcbn-c6e2-zycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47424?format=json","vulnerability_id":"VCID-tdga-tubw-53db","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14677","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31565","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31601","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3174","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14677"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:45Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:45Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:45Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-893/","reference_id":"ZDI-20-893","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:45Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-893/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14677"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdga-tubw-53db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37834?format=json","vulnerability_id":"VCID-tehr-wkyz-8kcd","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2073","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41517","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41534","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41542","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41564","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41484","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2073"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:54:35Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2073"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tehr-wkyz-8kcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165400?format=json","vulnerability_id":"VCID-tewa-96fw-nffy","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10204","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31795","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31745","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31704","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31711","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10204"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:20Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"https://www.exploit-db.com/exploits/42425/","reference_id":"42425","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:20Z/"}],"url":"https://www.exploit-db.com/exploits/42425/"},{"reference_url":"http://www.securityfocus.com/bid/99631","reference_id":"99631","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:20Z/"}],"url":"http://www.securityfocus.com/bid/99631"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1257","reference_id":"CVE-2017-10204","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1257"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/42425.txt","reference_id":"CVE-2017-10204","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/42425.txt"},{"reference_url":"http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html","reference_id":"VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:20Z/"}],"url":"http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tewa-96fw-nffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184737?format=json","vulnerability_id":"VCID-tfs5-nd8b-g3g5","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3289","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3289"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:01Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:01Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3289"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfs5-nd8b-g3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287445?format=json","vulnerability_id":"VCID-tfs7-wh6p-hbgq","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.46 and  Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22017","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18586","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18666","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18721","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18726","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18864","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20457","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20512","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22017"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2023.html","reference_id":"cpujul2023.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T17:57:12Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2023.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942237?format=json","purl":"pkg:deb/debian/virtualbox@7.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfs7-wh6p-hbgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147938?format=json","vulnerability_id":"VCID-tgdf-c4sz-xfdf","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2477.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2486","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2351","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2367","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23712","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23492","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23562","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23608","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23583","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2486"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939","reference_id":"754939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2486","reference_id":"CVE-2014-2486","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:N/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942194?format=json","purl":"pkg:deb/debian/virtualbox@4.3.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-2486"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgdf-c4sz-xfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47430?format=json","vulnerability_id":"VCID-th8u-azds-w7eg","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14699","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14699"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:26Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-902/","reference_id":"ZDI-20-902","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T19:54:26Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-902/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14699"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th8u-azds-w7eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47445?format=json","vulnerability_id":"VCID-tj4t-44dk-x7bt","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2743","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28088","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27926","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28034","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2804","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27998","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28016","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2743"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:29Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-500/","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:29Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-500/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2743","reference_id":"CVE-2020-2743","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2743"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:29Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2743"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tj4t-44dk-x7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/314991?format=json","vulnerability_id":"VCID-tmny-4bf3-vqcp","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.24 and  prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21533","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23226","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23285","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23191","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23242","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23264","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093879","reference_id":"1093879","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093879"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2025.html","reference_id":"cpujan2025.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T18:28:32Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-21533"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmny-4bf3-vqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80911?format=json","vulnerability_id":"VCID-tmt2-zsug-n3bq","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0495","reference_id":"","reference_type":"","scores":[{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76989","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76927","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76933","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76977","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.77015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.76994","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"},{"reference_url":"http://www.debian.org/security/2016/dsa-3454","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3454"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.securityfocus.com/bid/81214","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/81214"},{"reference_url":"http://www.securitytracker.com/id/1034731","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034731"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0495","reference_id":"CVE-2016-0495","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0495"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942203?format=json","purl":"pkg:deb/debian/virtualbox@5.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-0495"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmt2-zsug-n3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287435?format=json","vulnerability_id":"VCID-ttey-8sw1-e7av","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22002","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22796","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22848","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22893","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22685","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22812","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22834","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22002"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttey-8sw1-e7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39971?format=json","vulnerability_id":"VCID-tumg-4rxf-kuf4","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2694","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24147","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24246","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24172","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2423","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2694"},{"reference_url":"http://www.securityfocus.com/bid/102687","reference_id":"102687","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:15Z/"}],"url":"http://www.securityfocus.com/bid/102687"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:15Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2694"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tumg-4rxf-kuf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33873?format=json","vulnerability_id":"VCID-tvbr-1a2x-vfhn","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3005","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37836","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.3771","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37794","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3005"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:22Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3005","reference_id":"CVE-2019-3005","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3005"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:22Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:22Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3005"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvbr-1a2x-vfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165428?format=json","vulnerability_id":"VCID-tw27-8dua-m3h2","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10233","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22134","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22237","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2202","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.221","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22155","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10233"},{"reference_url":"http://www.securitytracker.com/id/1038929","reference_id":"1038929","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:16Z/"}],"url":"http://www.securitytracker.com/id/1038929"},{"reference_url":"http://www.securityfocus.com/bid/99642","reference_id":"99642","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:49:16Z/"}],"url":"http://www.securityfocus.com/bid/99642"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942209?format=json","purl":"pkg:deb/debian/virtualbox@5.1.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw27-8dua-m3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37830?format=json","vulnerability_id":"VCID-tztw-eec3-6kaz","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14892","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1788","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18095","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17797","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17944","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17916","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17867","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14892"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14892"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tztw-eec3-6kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43135?format=json","vulnerability_id":"VCID-u1n4-8wg1-cfea","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2284","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38119","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38153","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38179","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38143","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3803","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38103","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2284"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:42:39Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2284"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1n4-8wg1-cfea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40277?format=json","vulnerability_id":"VCID-u558-4xcy-u3e8","summary":"Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21885","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22298","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22181","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22264","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-21885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153","reference_id":"1029153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029153"},{"reference_url":"https://security.gentoo.org/glsa/202310-07","reference_id":"GLSA-202310-07","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T14:03:12Z/"}],"url":"https://security.gentoo.org/glsa/202310-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942235?format=json","purl":"pkg:deb/debian/virtualbox@7.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-21885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u558-4xcy-u3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33898?format=json","vulnerability_id":"VCID-u7nr-m2yz-rqg6","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2705","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31486","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31569","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31668","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2705"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:30Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:01:30Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2705"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7nr-m2yz-rqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48559?format=json","vulnerability_id":"VCID-u7zj-kgmx-gbch","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2830","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3334","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2830"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:49Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103856","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:49Z/"}],"url":"http://www.securityfocus.com/bid/103856"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:49Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2830","reference_id":"CVE-2018-2830","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2830"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:49Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2830"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7zj-kgmx-gbch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33892?format=json","vulnerability_id":"VCID-u8r5-ru5x-e7fp","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2698","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2698"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:58Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:41:58Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2698"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8r5-ru5x-e7fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158796?format=json","vulnerability_id":"VCID-ucb5-szgt-n3de","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:55:46Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:55:46Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0678","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29699","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29701","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29666","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29734","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2978","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29599","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29662","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0678"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:55:46Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.securitytracker.com/id/1035607","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:55:46Z/"}],"url":"http://www.securitytracker.com/id/1035607"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:5.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:5.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0678","reference_id":"CVE-2016-0678","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"},{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0678"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942204?format=json","purl":"pkg:deb/debian/virtualbox@5.0.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2016-0678"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucb5-szgt-n3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37823?format=json","vulnerability_id":"VCID-uga2-91s8-ufck","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14889","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16884","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17031","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17013","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16864","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17085","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16867","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16956","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14889"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:42:55Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942223?format=json","purl":"pkg:deb/debian/virtualbox@6.1.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14889"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uga2-91s8-ufck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73584?format=json","vulnerability_id":"VCID-uk8u-t1km-zqd6","summary":"core: From CVEorg collector","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21263.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21263.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21263","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23382","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23476","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23437","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23513","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23549","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23333","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23406","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23456","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21263"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440","reference_id":"1085440","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085440"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318920","reference_id":"2318920","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318920"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942241?format=json","purl":"pkg:deb/debian/virtualbox@7.0.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21263"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk8u-t1km-zqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47446?format=json","vulnerability_id":"VCID-upn9-pff4-ukg4","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2748","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21591","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21667","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21725","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21736","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21696","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21611","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2748"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:18Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-506/","reference_id":"","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:18Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-506/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2748","reference_id":"CVE-2020-2748","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"3.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2748"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:18Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2748"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upn9-pff4-ukg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43252?format=json","vulnerability_id":"VCID-urn6-pugx-pudm","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2442","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28584","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28624","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28583","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28581","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28668","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28519","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2442"},{"reference_url":"https://security.archlinux.org/ASA-202107-52","reference_id":"ASA-202107-52","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-52"},{"reference_url":"https://security.archlinux.org/AVG-2187","reference_id":"AVG-2187","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2187"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T19:15:26Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942228?format=json","purl":"pkg:deb/debian/virtualbox@6.1.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2442"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urn6-pugx-pudm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330585?format=json","vulnerability_id":"VCID-urqu-t1ke-j3aw","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53025","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08423","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08396","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08468","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08487","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0868","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53025"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373","reference_id":"1109373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109373"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-15T20:01:06Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942242?format=json","purl":"pkg:deb/debian/virtualbox@7.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2025-53025"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urqu-t1ke-j3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47440?format=json","vulnerability_id":"VCID-uvp9-fefd-9kgq","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14715","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26119","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26287","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26178","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26207","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26167","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14715"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:08Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:08Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:46:08Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14715"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvp9-fefd-9kgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43236?format=json","vulnerability_id":"VCID-uvz8-g6m2-6yd4","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2409","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23845","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23788","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23854","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.239","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23873","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23965","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2409"},{"reference_url":"https://security.archlinux.org/ASA-202107-52","reference_id":"ASA-202107-52","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-52"},{"reference_url":"https://security.archlinux.org/AVG-2187","reference_id":"AVG-2187","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2187"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T13:58:09Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-888/","reference_id":"ZDI-21-888","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T13:58:09Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-888/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942228?format=json","purl":"pkg:deb/debian/virtualbox@6.1.26-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.26-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2409"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvz8-g6m2-6yd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47393?format=json","vulnerability_id":"VCID-v1gj-3p1p-1yep","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2850","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42716","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42646","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42744","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42684","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42748","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2850"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:13Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:13Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2850"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1gj-3p1p-1yep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184495?format=json","vulnerability_id":"VCID-v1k2-6k5x-hqgb","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3089","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3089"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:24Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:24Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:24Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3089","reference_id":"CVE-2018-3089","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3089"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1k2-6k5x-hqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147940?format=json","vulnerability_id":"VCID-v418-2cz8-eyby","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2488","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31025","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31156","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31203","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31114","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3107","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2488"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939","reference_id":"754939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2488","reference_id":"CVE-2014-2488","reference_type":"","scores":[{"value":"1.0","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942194?format=json","purl":"pkg:deb/debian/virtualbox@4.3.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-2488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v418-2cz8-eyby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43380?format=json","vulnerability_id":"VCID-v4bm-hyfq-gygs","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21554","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2948","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29605","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29474","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29576","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29578","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29653","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21554"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:07:08Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942232?format=json","purl":"pkg:deb/debian/virtualbox@6.1.36-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.36-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21554"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4bm-hyfq-gygs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4140?format=json","vulnerability_id":"VCID-v8fp-rzfq-e3bs","summary":"Information leak via side effects of speculative execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5715.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5715","reference_id":"","reference_type":"","scores":[{"value":"0.88597","scoring_system":"epss","scoring_elements":"0.99501","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88597","scoring_system":"epss","scoring_elements":"0.995","published_at":"2026-04-02T12:55:00Z"},{"value":"0.89094","scoring_system":"epss","scoring_elements":"0.9953","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89094","scoring_system":"epss","scoring_elements":"0.99529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.89198","scoring_system":"epss","scoring_elements":"0.99534","published_at":"2026-04-08T12:55:00Z"},{"value":"0.89198","scoring_system":"epss","scoring_elements":"0.99533","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5683","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/102376","reference_id":"102376","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://www.securityfocus.com/bid/102376"},{"reference_url":"http://www.securitytracker.com/id/1040071","reference_id":"1040071","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://www.securitytracker.com/id/1040071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1519780","reference_id":"1519780","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1519780"},{"reference_url":"https://www.kb.cert.org/vuls/id/180049","reference_id":"180049","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.kb.cert.org/vuls/id/180049"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/36","reference_id":"36","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://seclists.org/bugtraq/2019/Jun/36"},{"reference_url":"https://www.exploit-db.com/exploits/43427/","reference_id":"43427","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.exploit-db.com/exploits/43427/"},{"reference_url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609","reference_id":"4609","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609"},{"reference_url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611","reference_id":"4611","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611"},{"reference_url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613","reference_id":"4613","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613"},{"reference_url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614","reference_id":"4614","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614"},{"reference_url":"http://www.kb.cert.org/vuls/id/584653","reference_id":"584653","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://www.kb.cert.org/vuls/id/584653"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886532","reference_id":"886532","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886852","reference_id":"886852","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886852"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002","reference_id":"ADV180002","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"},{"reference_url":"http://xenbits.xen.org/xsa/advisory-254.html","reference_id":"advisory-254.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://xenbits.xen.org/xsa/advisory-254.html"},{"reference_url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr","reference_id":"advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt","reference_id":"ARUBA-PSA-2018-001.txt","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","reference_id":"ARUBA-PSA-2019-003.txt","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"},{"reference_url":"https://security.archlinux.org/ASA-201801-10","reference_id":"ASA-201801-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-10"},{"reference_url":"https://security.archlinux.org/AVG-557","reference_id":"AVG-557","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-557"},{"reference_url":"https://security.archlinux.org/AVG-558","reference_id":"AVG-558","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-558"},{"reference_url":"https://security.archlinux.org/AVG-559","reference_id":"AVG-559","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-559"},{"reference_url":"https://security.archlinux.org/AVG-582","reference_id":"AVG-582","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-582"},{"reference_url":"https://security.archlinux.org/AVG-583","reference_id":"AVG-583","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-583"},{"reference_url":"https://security.archlinux.org/AVG-987","reference_id":"AVG-987","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-987"},{"reference_url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/","reference_id":"AWS-2018-013","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel","reference_id":"cisco-sa-20180104-cpusidechannel","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"},{"reference_url":"https://support.citrix.com/article/CTX231399","reference_id":"CTX231399","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://support.citrix.com/article/CTX231399"},{"reference_url":"https://security.paloaltonetworks.com/CVE-2017-5715","reference_id":"CVE-2017-5715","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://security.paloaltonetworks.com/CVE-2017-5715"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43427.c","reference_id":"CVE-2017-5753;CVE-2017-5715","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43427.c"},{"reference_url":"https://spectreattack.com/spectre.pdf","reference_id":"CVE-2017-5753;CVE-2017-5715","reference_type":"exploit","scores":[],"url":"https://spectreattack.com/spectre.pdf"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us","reference_id":"display?docId=emr_na-hpesbhf03805en_us","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc","reference_id":"FreeBSD-SA-18:03.speculative_execution.asc","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"},{"reference_url":"https://security.gentoo.org/glsa/201804-08","reference_id":"GLSA-201804-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-08"},{"reference_url":"https://security.gentoo.org/glsa/201810-06","reference_id":"GLSA-201810-06","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://security.gentoo.org/glsa/201810-06"},{"reference_url":"https://support.f5.com/csp/article/K91229003","reference_id":"K91229003","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://support.f5.com/csp/article/K91229003"},{"reference_url":"https://support.lenovo.com/us/en/solutions/LEN-18282","reference_id":"LEN-18282","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://support.lenovo.com/us/en/solutions/LEN-18282"},{"reference_url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001","reference_id":"mitel-product-security-advisory-18-0001","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"},{"reference_url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/","reference_id":"mitigations-landing-new-class-timing-attack","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180104-0001/","reference_id":"ntap-20180104-0001","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180104-0001/"},{"reference_url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html","reference_id":"reading-privileged-memory-with-side.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0016","reference_id":"RHSA-2018:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0017","reference_id":"RHSA-2018:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0018","reference_id":"RHSA-2018:0018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0020","reference_id":"RHSA-2018:0020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0021","reference_id":"RHSA-2018:0021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0022","reference_id":"RHSA-2018:0022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0023","reference_id":"RHSA-2018:0023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0027","reference_id":"RHSA-2018:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0028","reference_id":"RHSA-2018:0028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0292","reference_id":"RHSA-2018:0292","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1062","reference_id":"RHSA-2018:1062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1129","reference_id":"RHSA-2018:1129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1130","reference_id":"RHSA-2018:1130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1196","reference_id":"RHSA-2018:1196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1216","reference_id":"RHSA-2018:1216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1252","reference_id":"RHSA-2018:1252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1319","reference_id":"RHSA-2018:1319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1346","reference_id":"RHSA-2018:1346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1967","reference_id":"RHSA-2018:1967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1967"},{"reference_url":"https://spectreattack.com/","reference_id":"spectreattack.com","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://spectreattack.com/"},{"reference_url":"http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html","reference_id":"Spectre-Information-Disclosure-Proof-Of-Concept.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"},{"reference_url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution","reference_id":"speculativeexecution","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution"},{"reference_url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability","reference_id":"speculative-processor-vulnerability","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","reference_id":"ssa-608355.pdf","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"},{"reference_url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/","reference_id":"suse-addresses-meltdown-spectre-vulnerabilities","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"},{"reference_url":"https://www.synology.com/support/security/Synology_SA_18_01","reference_id":"Synology_SA_18_01","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.synology.com/support/security/Synology_SA_18_01"},{"reference_url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html","reference_id":"todays-cpu-vulnerability-what-you-need.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"},{"reference_url":"https://usn.ubuntu.com/usn/usn-3516-1/","reference_id":"usn-3516-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/usn/usn-3516-1/"},{"reference_url":"https://usn.ubuntu.com/3516-1/","reference_id":"USN-3516-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3516-1/"},{"reference_url":"https://usn.ubuntu.com/3530-1/","reference_id":"USN-3530-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3530-1/"},{"reference_url":"https://usn.ubuntu.com/3531-1/","reference_id":"USN-3531-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3531-1/"},{"reference_url":"https://usn.ubuntu.com/3531-3/","reference_id":"USN-3531-3","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3531-3/"},{"reference_url":"https://usn.ubuntu.com/3540-1/","reference_id":"USN-3540-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3540-1/"},{"reference_url":"https://usn.ubuntu.com/3540-2/","reference_id":"USN-3540-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3540-2/"},{"reference_url":"https://usn.ubuntu.com/3541-1/","reference_id":"USN-3541-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3541-1/"},{"reference_url":"https://usn.ubuntu.com/3541-2/","reference_id":"USN-3541-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3541-2/"},{"reference_url":"https://usn.ubuntu.com/3542-1/","reference_id":"USN-3542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3542-1/"},{"reference_url":"https://usn.ubuntu.com/3542-2/","reference_id":"USN-3542-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3542-2/"},{"reference_url":"https://usn.ubuntu.com/3549-1/","reference_id":"USN-3549-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3549-1/"},{"reference_url":"https://usn.ubuntu.com/3560-1/","reference_id":"USN-3560-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3560-1/"},{"reference_url":"https://usn.ubuntu.com/3561-1/","reference_id":"USN-3561-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3561-1/"},{"reference_url":"https://usn.ubuntu.com/3580-1/","reference_id":"USN-3580-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3580-1/"},{"reference_url":"https://usn.ubuntu.com/3581-1/","reference_id":"USN-3581-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3581-1/"},{"reference_url":"https://usn.ubuntu.com/3581-2/","reference_id":"USN-3581-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3581-2/"},{"reference_url":"https://usn.ubuntu.com/3582-1/","reference_id":"USN-3582-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3582-1/"},{"reference_url":"https://usn.ubuntu.com/3582-2/","reference_id":"USN-3582-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3582-2/"},{"reference_url":"https://usn.ubuntu.com/3594-1/","reference_id":"USN-3594-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3594-1/"},{"reference_url":"https://usn.ubuntu.com/3597-1/","reference_id":"USN-3597-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3597-1/"},{"reference_url":"https://usn.ubuntu.com/3597-2/","reference_id":"USN-3597-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3597-2/"},{"reference_url":"https://usn.ubuntu.com/3620-2/","reference_id":"USN-3620-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3620-2/"},{"reference_url":"https://usn.ubuntu.com/3690-1/","reference_id":"USN-3690-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3690-1/"},{"reference_url":"https://usn.ubuntu.com/3777-3/","reference_id":"USN-3777-3","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://usn.ubuntu.com/3777-3/"},{"reference_url":"https://cert.vde.com/en-us/advisories/vde-2018-002","reference_id":"vde-2018-002","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://cert.vde.com/en-us/advisories/vde-2018-002"},{"reference_url":"https://cert.vde.com/en-us/advisories/vde-2018-003","reference_id":"vde-2018-003","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://cert.vde.com/en-us/advisories/vde-2018-003"},{"reference_url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html","reference_id":"VMSA-2018-0002.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"},{"reference_url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html","reference_id":"VMSA-2018-0004.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"},{"reference_url":"https://www.vmware.com/security/advisories/VMSA-2018-0007.html","reference_id":"VMSA-2018-0007.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:09Z/"}],"url":"https://www.vmware.com/security/advisories/VMSA-2018-0007.html"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-254.html","reference_id":"XSA-254","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-254.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-5715"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8fp-rzfq-e3bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47413?format=json","vulnerability_id":"VCID-va8t-xvrn-kfec","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14646","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14646"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:56Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:56Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:56Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-888/","reference_id":"ZDI-20-888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:56Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-888/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14646"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-va8t-xvrn-kfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47450?format=json","vulnerability_id":"VCID-vahw-w2sj-b3bh","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:36Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2905","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2905"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:36Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2905","reference_id":"CVE-2020-2905","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2905"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:36Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2905"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vahw-w2sj-b3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144622?format=json","vulnerability_id":"VCID-vbg3-an3a-cfem","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3792","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47957","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48018","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48012","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48024","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3792"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715327","reference_id":"715327","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715327"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/38595.txt","reference_id":"CVE-2013-3792;OSVDB-94460","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/38595.txt"},{"reference_url":"https://www.securityfocus.com/bid/60794/info","reference_id":"CVE-2013-3792;OSVDB-94460","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/60794/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942191?format=json","purl":"pkg:deb/debian/virtualbox@4.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2013-3792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbg3-an3a-cfem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184734?format=json","vulnerability_id":"VCID-vgkt-g8k1-4uct","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3287","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3287"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:04Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:04Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgkt-g8k1-4uct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203315?format=json","vulnerability_id":"VCID-vmc1-vb8g-yqcy","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2508","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38325","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38262","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38421","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38335","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2508"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2508","reference_id":"CVE-2019-2508","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2508"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmc1-vb8g-yqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171605?format=json","vulnerability_id":"VCID-vvr9-723e-4fcj","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3587","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49904","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49953","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49941","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49968","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3587"},{"reference_url":"https://www.exploit-db.com/exploits/41932/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:32Z/"}],"url":"https://www.exploit-db.com/exploits/41932/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:32Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"},{"reference_url":"http://www.securityfocus.com/bid/97750","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:32Z/"}],"url":"http://www.securityfocus.com/bid/97750"},{"reference_url":"http://www.securitytracker.com/id/1038288","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:32Z/"}],"url":"http://www.securitytracker.com/id/1038288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1227","reference_id":"CVE-2017-3587","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1227"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41932.cpp","reference_id":"CVE-2017-3587","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41932.cpp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3587","reference_id":"CVE-2017-3587","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:P/A:P"},{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3587"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942211?format=json","purl":"pkg:deb/debian/virtualbox@5.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3587"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvr9-723e-4fcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43267?format=json","vulnerability_id":"VCID-w247-sjrb-qkfv","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35538","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48502","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48512","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48567","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48584","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48557","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48538","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4856","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35538"},{"reference_url":"https://security.archlinux.org/ASA-202110-3","reference_id":"ASA-202110-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-3"},{"reference_url":"https://security.archlinux.org/AVG-2476","reference_id":"AVG-2476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2476"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T19:25:05Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-35538"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w247-sjrb-qkfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37905?format=json","vulnerability_id":"VCID-w2dh-qrtu-7ue3","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2129","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33177","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33204","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33238","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.332","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33169","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33296","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33161","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2129"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-26T18:11:40Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2129"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dh-qrtu-7ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55713?format=json","vulnerability_id":"VCID-w48d-rr4m-sqac","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0404","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18474","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18674","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1847","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18424","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410","reference_id":"735410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410"},{"reference_url":"https://security.gentoo.org/glsa/201401-13","reference_id":"GLSA-201401-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942192?format=json","purl":"pkg:deb/debian/virtualbox@4.3.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2014-0404"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w48d-rr4m-sqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47420?format=json","vulnerability_id":"VCID-wcsg-earr-87dm","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14674","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30392","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30248","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30308","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30302","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30363","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30438","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14674"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:49Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:49Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:49Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-896/","reference_id":"ZDI-20-896","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:54:49Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-896/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14674"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wcsg-earr-87dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184753?format=json","vulnerability_id":"VCID-wqgx-swqt-gfcz","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3298","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3298"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:50Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:50Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3298"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqgx-swqt-gfcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184745?format=json","vulnerability_id":"VCID-wqqw-mv61-p7ff","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3293","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63656","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3293"},{"reference_url":"http://www.securitytracker.com/id/1041887","reference_id":"1041887","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:56Z/"}],"url":"http://www.securitytracker.com/id/1041887"},{"reference_url":"http://www.securityfocus.com/bid/105619","reference_id":"105619","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:15:56Z/"}],"url":"http://www.securityfocus.com/bid/105619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942215?format=json","purl":"pkg:deb/debian/virtualbox@5.2.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3293"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqqw-mv61-p7ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203487?format=json","vulnerability_id":"VCID-wwca-1xwz-c7e5","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2656","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34061","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2656"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2656"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwca-1xwz-c7e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47392?format=json","vulnerability_id":"VCID-wxzp-7uu6-ukbu","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2848","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34921","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34713","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34947","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.349","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34903","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2848"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:15Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:16:15Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2848"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxzp-7uu6-ukbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184390?format=json","vulnerability_id":"VCID-wz9q-jwj2-m3c2","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3005","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59234","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59251","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5927","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59253","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59122","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59196","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59185","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3005"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:10:21Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/104764","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:10:21Z/"}],"url":"http://www.securityfocus.com/bid/104764"},{"reference_url":"http://www.securitytracker.com/id/1041296","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T18:10:21Z/"}],"url":"http://www.securitytracker.com/id/1041296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3005","reference_id":"CVE-2018-3005","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942216?format=json","purl":"pkg:deb/debian/virtualbox@5.2.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-3005"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz9q-jwj2-m3c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203319?format=json","vulnerability_id":"VCID-x35w-ge5m-rbar","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2511","reference_id":"","reference_type":"","scores":[{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81281","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81282","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81303","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81289","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81218","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81249","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81277","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2511"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106574","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://www.securityfocus.com/bid/106574"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2511","reference_id":"CVE-2019-2511","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2511"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x35w-ge5m-rbar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203489?format=json","vulnerability_id":"VCID-x5x9-w5gw-1qh3","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2657","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34061","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33956","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33718","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2657"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x9-w5gw-1qh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47443?format=json","vulnerability_id":"VCID-x72x-baf3-wfet","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:30Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2741","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28016","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28088","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27926","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28034","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2804","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27998","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27939","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2741"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-498/","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:30Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-498/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2741","reference_id":"CVE-2020-2741","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2741"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:00:30Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2741"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x72x-baf3-wfet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39937?format=json","vulnerability_id":"VCID-x9yp-dmxp-fkfg","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2689","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39366","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2689"},{"reference_url":"http://www.securityfocus.com/bid/102693","reference_id":"102693","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:26Z/"}],"url":"http://www.securityfocus.com/bid/102693"},{"reference_url":"http://www.securitytracker.com/id/1040202","reference_id":"1040202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:20:26Z/"}],"url":"http://www.securitytracker.com/id/1040202"},{"reference_url":"https://security.gentoo.org/glsa/201802-01","reference_id":"GLSA-201802-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942213?format=json","purl":"pkg:deb/debian/virtualbox@5.2.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2689"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9yp-dmxp-fkfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47412?format=json","vulnerability_id":"VCID-xbus-k1re-k3cg","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14629","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37363","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37271","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3746","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14629"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:58:00Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html","reference_id":"msg00068.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:58:00Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html","reference_id":"msg00079.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:58:00Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-887/","reference_id":"ZDI-20-887","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:58:00Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-887/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942222?format=json","purl":"pkg:deb/debian/virtualbox@6.1.12-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.12-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-14629"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbus-k1re-k3cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47397?format=json","vulnerability_id":"VCID-xecm-fy4r-a7cs","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2865","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36939","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36871","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37074","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36974","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2865"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"cpujul2019-5072835.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:36Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:36Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942220?format=json","purl":"pkg:deb/debian/virtualbox@6.0.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xecm-fy4r-a7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48565?format=json","vulnerability_id":"VCID-xesb-ayzp-5bd4","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2843","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33441","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.3347","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33513","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33547","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.3354","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33499","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33475","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33631","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-2843"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:00Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.securityfocus.com/bid/103854","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:00Z/"}],"url":"http://www.securityfocus.com/bid/103854"},{"reference_url":"http://www.securitytracker.com/id/1040707","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:00Z/"}],"url":"http://www.securitytracker.com/id/1040707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2843","reference_id":"CVE-2018-2843","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2843"},{"reference_url":"https://security.gentoo.org/glsa/201805-08","reference_id":"GLSA-201805-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T19:21:00Z/"}],"url":"https://security.gentoo.org/glsa/201805-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942214?format=json","purl":"pkg:deb/debian/virtualbox@5.2.10-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.10-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2018-2843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xesb-ayzp-5bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43173?format=json","vulnerability_id":"VCID-xh4p-m9fs-y3eb","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2297","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25945","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25904","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25956","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25921","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25862","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26027","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2297"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:46Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-21-462/","reference_id":"ZDI-21-462","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:52:46Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-462/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2297"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xh4p-m9fs-y3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47456?format=json","vulnerability_id":"VCID-xr9h-znb2-7beb","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2913","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43177","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4309","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2913"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2913","reference_id":"CVE-2020-2913","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2913"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:26Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2913"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xr9h-znb2-7beb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165556?format=json","vulnerability_id":"VCID-xsrj-jf8g-t3gk","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10407","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20864","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20945","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20918","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20882","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21032","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20804","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10407"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:11Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/101370","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:11Z/"}],"url":"http://www.securityfocus.com/bid/101370"},{"reference_url":"http://www.securitytracker.com/id/1039599","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:11Z/"}],"url":"http://www.securitytracker.com/id/1039599"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10407","reference_id":"CVE-2017-10407","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942210?format=json","purl":"pkg:deb/debian/virtualbox@5.1.30-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.30-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-10407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsrj-jf8g-t3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56415?format=json","vulnerability_id":"VCID-xxh2-rcth-ayae","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which might allow unauthorized changes to some critical or all\n    accessible data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3316","reference_id":"","reference_type":"","scores":[{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86101","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86111","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86146","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86158","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.8617","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86166","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86127","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3316"},{"reference_url":"http://www.securitytracker.com/id/1037638","reference_id":"1037638","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:06:00Z/"}],"url":"http://www.securitytracker.com/id/1037638"},{"reference_url":"https://www.exploit-db.com/exploits/41196/","reference_id":"41196","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:06:00Z/"}],"url":"https://www.exploit-db.com/exploits/41196/"},{"reference_url":"http://www.securityfocus.com/bid/95579","reference_id":"95579","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:06:00Z/"}],"url":"http://www.securityfocus.com/bid/95579"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","reference_id":"cpujan2017-2881727.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:06:00Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"},{"reference_url":"http://seclists.org/fulldisclosure/2017/Jan/75","reference_id":"CVE-2017-3316","reference_type":"exploit","scores":[],"url":"http://seclists.org/fulldisclosure/2017/Jan/75"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41196.txt","reference_id":"CVE-2017-3316","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41196.txt"},{"reference_url":"https://security.gentoo.org/glsa/201702-08","reference_id":"GLSA-201702-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:06:00Z/"}],"url":"https://security.gentoo.org/glsa/201702-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942208?format=json","purl":"pkg:deb/debian/virtualbox@5.1.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.1.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2017-3316"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxh2-rcth-ayae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37909?format=json","vulnerability_id":"VCID-xy4k-b4dy-n7gb","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2130","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38786","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38809","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38773","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38657","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38787","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38808","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38737","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2130"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:11Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2130"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy4k-b4dy-n7gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33686?format=json","vulnerability_id":"VCID-xz6g-fayv-vudw","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21620","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47733","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21620"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T15:25:21Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-21620"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz6g-fayv-vudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43095?format=json","vulnerability_id":"VCID-y4xt-atn4-g7bv","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2266","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21992","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22078","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22093","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22052","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21951","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22112","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21943","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2266"},{"reference_url":"https://security.archlinux.org/ASA-202104-9","reference_id":"ASA-202104-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-9"},{"reference_url":"https://security.archlinux.org/AVG-1846","reference_id":"AVG-1846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1846"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:42:48Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942227?format=json","purl":"pkg:deb/debian/virtualbox@6.1.20-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.20-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2266"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4xt-atn4-g7bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226946?format=json","vulnerability_id":"VCID-ya37-anz7-jbea","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21111","reference_id":"","reference_type":"","scores":[{"value":"0.09561","scoring_system":"epss","scoring_elements":"0.9286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09561","scoring_system":"epss","scoring_elements":"0.92852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09561","scoring_system":"epss","scoring_elements":"0.92855","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09561","scoring_system":"epss","scoring_elements":"0.92841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09561","scoring_system":"epss","scoring_elements":"0.92845","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09561","scoring_system":"epss","scoring_elements":"0.92843","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21111"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2024.html","reference_id":"cpuapr2024.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2024.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/52287.C++","reference_id":"CVE-2024-21111","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/52287.C++"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942239?format=json","purl":"pkg:deb/debian/virtualbox@7.0.16-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.16-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2024-21111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ya37-anz7-jbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203390?format=json","vulnerability_id":"VCID-yayq-xa1q-9kb9","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2574","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35478","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35399","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35278","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35385","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35465","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35422","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942219?format=json","purl":"pkg:deb/debian/virtualbox@6.0.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-2574"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yayq-xa1q-9kb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33885?format=json","vulnerability_id":"VCID-ymrq-asq4-xbhp","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2682","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37907","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2682"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:42:01Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-30T14:42:01Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942225?format=json","purl":"pkg:deb/debian/virtualbox@6.1.2-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.2-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2682"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymrq-asq4-xbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43279?format=json","vulnerability_id":"VCID-yn5f-kds4-cygg","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35540","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29282","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29387","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29391","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29293","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29469","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35540"},{"reference_url":"https://security.archlinux.org/ASA-202110-3","reference_id":"ASA-202110-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-3"},{"reference_url":"https://security.archlinux.org/AVG-2476","reference_id":"AVG-2476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2476"},{"reference_url":"https://security.gentoo.org/glsa/202208-36","reference_id":"GLSA-202208-36","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T19:15:06Z/"}],"url":"https://security.gentoo.org/glsa/202208-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942229?format=json","purl":"pkg:deb/debian/virtualbox@6.1.28-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.28-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-35540"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5f-kds4-cygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33876?format=json","vulnerability_id":"VCID-ynca-p4m9-8yc3","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3021","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28463","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28457","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28551","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28397","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3021"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:12Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3021","reference_id":"CVE-2019-3021","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3021"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:12Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:12Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3021"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynca-p4m9-8yc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33877?format=json","vulnerability_id":"VCID-ytbt-sss7-kydk","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3026","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30868","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30926","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30956","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30917","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30872","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31002","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3105","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3026"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-19-917/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:08Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-917/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:08Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3026","reference_id":"CVE-2019-3026","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3026"},{"reference_url":"https://security.gentoo.org/glsa/202004-02","reference_id":"GLSA-202004-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:08Z/"}],"url":"https://security.gentoo.org/glsa/202004-02"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:13:08Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942221?format=json","purl":"pkg:deb/debian/virtualbox@6.0.14-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.0.14-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2019-3026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbt-sss7-kydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/244226?format=json","vulnerability_id":"VCID-z24b-v1v2-wbab","summary":"A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25319","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06505","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06605","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06588","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06639","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06681","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06674","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06665","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25319"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942195?format=json","purl":"pkg:deb/debian/virtualbox@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-25319"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z24b-v1v2-wbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37879?format=json","vulnerability_id":"VCID-zh97-w3pz-53cc","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2124","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40518","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40548","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.4057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40626","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-2124"},{"reference_url":"https://security.archlinux.org/ASA-202101-37","reference_id":"ASA-202101-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-37"},{"reference_url":"https://security.archlinux.org/AVG-1483","reference_id":"AVG-1483","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1483"},{"reference_url":"https://security.gentoo.org/glsa/202101-15","reference_id":"GLSA-202101-15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T17:53:19Z/"}],"url":"https://security.gentoo.org/glsa/202101-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942226?format=json","purl":"pkg:deb/debian/virtualbox@6.1.18-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.18-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2021-2124"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zh97-w3pz-53cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33693?format=json","vulnerability_id":"VCID-zpzy-wu5d-4uad","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39423","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20579","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20654","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20674","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20799","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20595","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39423"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:20:26Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942234?format=json","purl":"pkg:deb/debian/virtualbox@6.1.38-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.38-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2022-39423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpzy-wu5d-4uad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47454?format=json","vulnerability_id":"VCID-zsdc-b3u1-37f9","summary":"Multiple vulnerabilities have been found in VirtualBox, the worst\n    of which could allow an attacker to take control of VirtualBox.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2910","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40564","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40674","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40594","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40645","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40654","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40672","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40646","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2910"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:14Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2910","reference_id":"CVE-2020-2910","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2910"},{"reference_url":"https://security.gentoo.org/glsa/202101-09","reference_id":"GLSA-202101-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:01:14Z/"}],"url":"https://security.gentoo.org/glsa/202101-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942224?format=json","purl":"pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2020-2910"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsdc-b3u1-37f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155657?format=json","vulnerability_id":"VCID-ztjt-g23a-6uee","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4856","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38886","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38789","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38922","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38873","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38926","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38939","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38913","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4856"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"},{"reference_url":"http://www.securitytracker.com/id/1033880","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1033880"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.0.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.1.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:4.3.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4856","reference_id":"CVE-2015-4856","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942201?format=json","purl":"pkg:deb/debian/virtualbox@5.0.0-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.0.0-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2015-4856"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztjt-g23a-6uee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287433?format=json","vulnerability_id":"VCID-zxkd-ypyr-77dr","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22000","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13222","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13366","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13243","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13293","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13261","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22000"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942236?format=json","purl":"pkg:deb/debian/virtualbox@7.0.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.0.8-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}],"aliases":["CVE-2023-22000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxkd-ypyr-77dr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"}