{"url":"http://public2.vulnerablecode.io/api/packages/190160?format=json","purl":"pkg:ebuild/app-emulation/qemu@2.3.0-r4","type":"ebuild","namespace":"app-emulation","name":"qemu","version":"2.3.0-r4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.5.0-r1","latest_non_vulnerable_version":"8.0.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99145?format=json","vulnerability_id":"VCID-5e41-v564-xub1","summary":"Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3209","reference_id":"","reference_type":"","scores":[{"value":"0.18024","scoring_system":"epss","scoring_elements":"0.95288","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18024","scoring_system":"epss","scoring_elements":"0.95296","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1225882","reference_id":"1225882","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1225882"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460","reference_id":"788460","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460"},{"reference_url":"https://security.gentoo.org/glsa/201510-02","reference_id":"GLSA-201510-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-02"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1087","reference_id":"RHSA-2015:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1088","reference_id":"RHSA-2015:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1089","reference_id":"RHSA-2015:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1189","reference_id":"RHSA-2015:1189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1189"},{"reference_url":"https://usn.ubuntu.com/2630-1/","reference_id":"USN-2630-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2630-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-135.html","reference_id":"XSA-135","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-135.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190160?format=json","purl":"pkg:ebuild/app-emulation/qemu@2.3.0-r4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/qemu@2.3.0-r4"}],"aliases":["CVE-2015-3209"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e41-v564-xub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78833?format=json","vulnerability_id":"VCID-d26x-7mqx-5kh5","summary":"The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3214.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3214","reference_id":"","reference_type":"","scores":[{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.82","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01593","scoring_system":"epss","scoring_elements":"0.82034","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1229640","reference_id":"1229640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1229640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795461","reference_id":"795461","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795461"},{"reference_url":"https://code.google.com/p/google-security-research/issues/detail?id=419#c4","reference_id":"CVE-2015-3214;OSVDB-123468","reference_type":"exploit","scores":[],"url":"https://code.google.com/p/google-security-research/issues/detail?id=419#c4"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37990.txt","reference_id":"CVE-2015-3214;OSVDB-123468","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37990.txt"},{"reference_url":"https://security.gentoo.org/glsa/201510-02","reference_id":"GLSA-201510-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1507","reference_id":"RHSA-2015:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1508","reference_id":"RHSA-2015:1508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1512","reference_id":"RHSA-2015:1512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1512"},{"reference_url":"https://usn.ubuntu.com/2692-1/","reference_id":"USN-2692-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2692-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190160?format=json","purl":"pkg:ebuild/app-emulation/qemu@2.3.0-r4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/qemu@2.3.0-r4"}],"aliases":["CVE-2015-3214"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d26x-7mqx-5kh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99152?format=json","vulnerability_id":"VCID-mtyw-7hrb-jyha","summary":"Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5154.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5154.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5154","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60187","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60234","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243563","reference_id":"1243563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243563"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811","reference_id":"793811","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811"},{"reference_url":"https://security.gentoo.org/glsa/201510-02","reference_id":"GLSA-201510-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-02"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1507","reference_id":"RHSA-2015:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1508","reference_id":"RHSA-2015:1508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1512","reference_id":"RHSA-2015:1512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1512"},{"reference_url":"https://usn.ubuntu.com/2692-1/","reference_id":"USN-2692-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2692-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-138.html","reference_id":"XSA-138","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-138.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190160?format=json","purl":"pkg:ebuild/app-emulation/qemu@2.3.0-r4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/qemu@2.3.0-r4"}],"aliases":["CVE-2015-5154"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtyw-7hrb-jyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99153?format=json","vulnerability_id":"VCID-vgfq-vf5j-7bf6","summary":"Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5158.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5158","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23873","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23967","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5158"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1244332","reference_id":"1244332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1244332"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793388","reference_id":"793388","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793388"},{"reference_url":"https://security.gentoo.org/glsa/201510-02","reference_id":"GLSA-201510-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-02"},{"reference_url":"https://usn.ubuntu.com/2692-1/","reference_id":"USN-2692-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2692-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190160?format=json","purl":"pkg:ebuild/app-emulation/qemu@2.3.0-r4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/qemu@2.3.0-r4"}],"aliases":["CVE-2015-5158"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgfq-vf5j-7bf6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/qemu@2.3.0-r4"}