{"url":"http://public2.vulnerablecode.io/api/packages/108761?format=json","purl":"pkg:rpm/redhat/qemu-kvm@2:0.12.1.2-2.506.el6_10?arch=1","type":"rpm","namespace":"redhat","name":"qemu-kvm","version":"2:0.12.1.2-2.506.el6_10","qualifiers":{"arch":"1"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56776?format=json","vulnerability_id":"VCID-1erd-fd8p-hqch","summary":"Multiple vulnerabilities have been found in QEMU, the worst of\n    which may allow an attacker to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13672.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13672","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71226","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73671","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73586","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73609","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73582","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73653","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73626","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7367","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73679","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:S/C:N/I:N/A:P"},{"value":"3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1486560","reference_id":"1486560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1486560"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873851","reference_id":"873851","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873851"},{"reference_url":"https://security.gentoo.org/glsa/201804-08","reference_id":"GLSA-201804-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0816","reference_id":"RHSA-2018:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1104","reference_id":"RHSA-2018:1104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1113","reference_id":"RHSA-2018:1113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2162","reference_id":"RHSA-2018:2162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2162"},{"reference_url":"https://usn.ubuntu.com/3575-1/","reference_id":"USN-3575-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3575-1/"}],"fixed_packages":[],"aliases":["CVE-2017-13672"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1erd-fd8p-hqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4149?format=json","vulnerability_id":"VCID-75hg-p8uc-p7ex","summary":"Speculative Store Bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3639.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3639","reference_id":"","reference_type":"","scores":[{"value":"0.39422","scoring_system":"epss","scoring_elements":"0.97277","published_at":"2026-04-02T12:55:00Z"},{"value":"0.39422","scoring_system":"epss","scoring_elements":"0.97282","published_at":"2026-04-04T12:55:00Z"},{"value":"0.39422","scoring_system":"epss","scoring_elements":"0.97272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97631","published_at":"2026-04-12T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97632","published_at":"2026-04-13T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97639","published_at":"2026-04-16T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97642","published_at":"2026-04-26T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97641","published_at":"2026-04-24T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97647","published_at":"2026-04-29T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97619","published_at":"2026-04-07T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.46015","scoring_system":"epss","scoring_elements":"0.97627","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3639"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566890","reference_id":"1566890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566890"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1528","reference_id":"CVE-2018-3639","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/dos/44695.c","reference_id":"CVE-2018-3639","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/dos/44695.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1629","reference_id":"RHSA-2018:1629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1630","reference_id":"RHSA-2018:1630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1632","reference_id":"RHSA-2018:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1633","reference_id":"RHSA-2018:1633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1635","reference_id":"RHSA-2018:1635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1636","reference_id":"RHSA-2018:1636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1637","reference_id":"RHSA-2018:1637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1638","reference_id":"RHSA-2018:1638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1639","reference_id":"RHSA-2018:1639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1640","reference_id":"RHSA-2018:1640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1641","reference_id":"RHSA-2018:1641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1642","reference_id":"RHSA-2018:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1643","reference_id":"RHSA-2018:1643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1644","reference_id":"RHSA-2018:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1645","reference_id":"RHSA-2018:1645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1646","reference_id":"RHSA-2018:1646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1647","reference_id":"RHSA-2018:1647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1648","reference_id":"RHSA-2018:1648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1649","reference_id":"RHSA-2018:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1650","reference_id":"RHSA-2018:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1651","reference_id":"RHSA-2018:1651","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1651"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1652","reference_id":"RHSA-2018:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1653","reference_id":"RHSA-2018:1653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1654","reference_id":"RHSA-2018:1654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1655","reference_id":"RHSA-2018:1655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1656","reference_id":"RHSA-2018:1656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1657","reference_id":"RHSA-2018:1657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1658","reference_id":"RHSA-2018:1658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1659","reference_id":"RHSA-2018:1659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1660","reference_id":"RHSA-2018:1660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1661","reference_id":"RHSA-2018:1661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1662","reference_id":"RHSA-2018:1662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1663","reference_id":"RHSA-2018:1663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1664","reference_id":"RHSA-2018:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1665","reference_id":"RHSA-2018:1665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1666","reference_id":"RHSA-2018:1666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1667","reference_id":"RHSA-2018:1667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1668","reference_id":"RHSA-2018:1668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1669","reference_id":"RHSA-2018:1669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1674","reference_id":"RHSA-2018:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1675","reference_id":"RHSA-2018:1675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1676","reference_id":"RHSA-2018:1676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1686","reference_id":"RHSA-2018:1686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1688","reference_id":"RHSA-2018:1688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1689","reference_id":"RHSA-2018:1689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1690","reference_id":"RHSA-2018:1690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1696","reference_id":"RHSA-2018:1696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1710","reference_id":"RHSA-2018:1710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1711","reference_id":"RHSA-2018:1711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1737","reference_id":"RHSA-2018:1737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1738","reference_id":"RHSA-2018:1738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1826","reference_id":"RHSA-2018:1826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1854","reference_id":"RHSA-2018:1854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1965","reference_id":"RHSA-2018:1965","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1967","reference_id":"RHSA-2018:1967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1997","reference_id":"RHSA-2018:1997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2001","reference_id":"RHSA-2018:2001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2003","reference_id":"RHSA-2018:2003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2006","reference_id":"RHSA-2018:2006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2060","reference_id":"RHSA-2018:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2161","reference_id":"RHSA-2018:2161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2162","reference_id":"RHSA-2018:2162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2164","reference_id":"RHSA-2018:2164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2171","reference_id":"RHSA-2018:2171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2172","reference_id":"RHSA-2018:2172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2216","reference_id":"RHSA-2018:2216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2228","reference_id":"RHSA-2018:2228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2246","reference_id":"RHSA-2018:2246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2250","reference_id":"RHSA-2018:2250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2258","reference_id":"RHSA-2018:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2289","reference_id":"RHSA-2018:2289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2309","reference_id":"RHSA-2018:2309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2328","reference_id":"RHSA-2018:2328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2363","reference_id":"RHSA-2018:2363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2364","reference_id":"RHSA-2018:2364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2387","reference_id":"RHSA-2018:2387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2394","reference_id":"RHSA-2018:2394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2396","reference_id":"RHSA-2018:2396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2948","reference_id":"RHSA-2018:2948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3396","reference_id":"RHSA-2018:3396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3397","reference_id":"RHSA-2018:3397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3398","reference_id":"RHSA-2018:3398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3399","reference_id":"RHSA-2018:3399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3400","reference_id":"RHSA-2018:3400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3401","reference_id":"RHSA-2018:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3402","reference_id":"RHSA-2018:3402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3407","reference_id":"RHSA-2018:3407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3423","reference_id":"RHSA-2018:3423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3424","reference_id":"RHSA-2018:3424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3425","reference_id":"RHSA-2018:3425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0148","reference_id":"RHSA-2019:0148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1046","reference_id":"RHSA-2019:1046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1046"},{"reference_url":"https://usn.ubuntu.com/3651-1/","reference_id":"USN-3651-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3651-1/"},{"reference_url":"https://usn.ubuntu.com/3652-1/","reference_id":"USN-3652-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3652-1/"},{"reference_url":"https://usn.ubuntu.com/3653-1/","reference_id":"USN-3653-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3653-1/"},{"reference_url":"https://usn.ubuntu.com/3653-2/","reference_id":"USN-3653-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3653-2/"},{"reference_url":"https://usn.ubuntu.com/3654-1/","reference_id":"USN-3654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3654-1/"},{"reference_url":"https://usn.ubuntu.com/3654-2/","reference_id":"USN-3654-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3654-2/"},{"reference_url":"https://usn.ubuntu.com/3655-1/","reference_id":"USN-3655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3655-1/"},{"reference_url":"https://usn.ubuntu.com/3655-2/","reference_id":"USN-3655-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3655-2/"},{"reference_url":"https://usn.ubuntu.com/3679-1/","reference_id":"USN-3679-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3679-1/"},{"reference_url":"https://usn.ubuntu.com/3680-1/","reference_id":"USN-3680-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3680-1/"},{"reference_url":"https://usn.ubuntu.com/3756-1/","reference_id":"USN-3756-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3756-1/"},{"reference_url":"https://usn.ubuntu.com/3777-3/","reference_id":"USN-3777-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3777-3/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-263.html","reference_id":"XSA-263","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-263.html"}],"fixed_packages":[],"aliases":["CVE-2018-3639","XSA-263"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75hg-p8uc-p7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56782?format=json","vulnerability_id":"VCID-jnxy-g6wu-8ubu","summary":"Multiple vulnerabilities have been found in QEMU, the worst of\n    which may allow an attacker to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5683.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5683.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5683","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07573","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07682","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07759","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08059","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08025","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0801","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08167","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08123","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08086","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5683","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7550"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1530356","reference_id":"1530356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1530356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887392","reference_id":"887392","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887392"},{"reference_url":"https://security.gentoo.org/glsa/201804-08","reference_id":"GLSA-201804-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0816","reference_id":"RHSA-2018:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1104","reference_id":"RHSA-2018:1104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1113","reference_id":"RHSA-2018:1113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2162","reference_id":"RHSA-2018:2162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2162"},{"reference_url":"https://usn.ubuntu.com/3575-1/","reference_id":"USN-3575-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3575-1/"}],"fixed_packages":[],"aliases":["CVE-2018-5683"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnxy-g6wu-8ubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83605?format=json","vulnerability_id":"VCID-jq6v-ra9m-sqgz","summary":"QEMU: cirrus: OOB access when updating VGA display","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7858.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7858.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7858","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17159","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17324","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17372","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17151","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17314","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17264","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17205","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17144","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1715","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1709","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17017","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7858"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553402","reference_id":"1553402","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892497","reference_id":"892497","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1369","reference_id":"RHSA-2018:1369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1416","reference_id":"RHSA-2018:1416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1643","reference_id":"RHSA-2018:1643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1644","reference_id":"RHSA-2018:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1645","reference_id":"RHSA-2018:1645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1646","reference_id":"RHSA-2018:1646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2162","reference_id":"RHSA-2018:2162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2162"},{"reference_url":"https://usn.ubuntu.com/3649-1/","reference_id":"USN-3649-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3649-1/"}],"fixed_packages":[],"aliases":["CVE-2018-7858"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq6v-ra9m-sqgz"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qemu-kvm@2:0.12.1.2-2.506.el6_10%3Farch=1"}