{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","type":"ebuild","namespace":"app-emulation","name":"xen-pvgrub","version":"4.6.0-r9","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.7.1-r1","latest_non_vulnerable_version":"4.7.3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99151?format=json","vulnerability_id":"VCID-1h7w-s59u-dkbc","summary":"QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4106.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4106.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4106","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24638","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24739","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223859","reference_id":"1223859","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223859"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547","reference_id":"787547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2630-1/","reference_id":"USN-2630-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2630-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-131.html","reference_id":"XSA-131","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-131.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-4106"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1h7w-s59u-dkbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106134?format=json","vulnerability_id":"VCID-1hyu-e9tj-t3bx","summary":"The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6033.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6033","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21704","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21782","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6033"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hyu-e9tj-t3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106253?format=json","vulnerability_id":"VCID-1x7p-bz5v-1qhq","summary":"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8339.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8339.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8339","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2663","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26734","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1284919","reference_id":"1284919","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1284919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-159.html","reference_id":"XSA-159","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-159.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8339"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1x7p-bz5v-1qhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106118?format=json","vulnerability_id":"VCID-3d6h-9r6r-7ydv","summary":"Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka \"Grant table hypercall infinite loop DoS vulnerability.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4539.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4539","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22538","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22622","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=870110","reference_id":"870110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=870110"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-24.html","reference_id":"XSA-24","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-24.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-4539"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6h-9r6r-7ydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95555?format=json","vulnerability_id":"VCID-4u9s-egzq-nkfh","summary":"Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7871","reference_id":"","reference_type":"","scores":[{"value":"0.83579","scoring_system":"epss","scoring_elements":"0.99299","published_at":"2026-06-04T12:55:00Z"},{"value":"0.83579","scoring_system":"epss","scoring_elements":"0.993","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274265","reference_id":"1274265","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274265"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7871"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4u9s-egzq-nkfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99165?format=json","vulnerability_id":"VCID-5bv8-re3s-7kg8","summary":"Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7504.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7504","reference_id":"","reference_type":"","scores":[{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64745","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64787","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261461","reference_id":"1261461","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806742","reference_id":"806742","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806742"},{"reference_url":"https://security.gentoo.org/glsa/201602-01","reference_id":"GLSA-201602-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201602-01"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2694","reference_id":"RHSA-2015:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2695","reference_id":"RHSA-2015:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2696","reference_id":"RHSA-2015:2696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2696"},{"reference_url":"https://usn.ubuntu.com/2828-1/","reference_id":"USN-2828-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2828-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-162.html","reference_id":"XSA-162","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-162.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7504"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bv8-re3s-7kg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99145?format=json","vulnerability_id":"VCID-5e41-v564-xub1","summary":"Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3209","reference_id":"","reference_type":"","scores":[{"value":"0.18024","scoring_system":"epss","scoring_elements":"0.95288","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18024","scoring_system":"epss","scoring_elements":"0.95296","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1225882","reference_id":"1225882","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1225882"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460","reference_id":"788460","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460"},{"reference_url":"https://security.gentoo.org/glsa/201510-02","reference_id":"GLSA-201510-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-02"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1087","reference_id":"RHSA-2015:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1088","reference_id":"RHSA-2015:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1089","reference_id":"RHSA-2015:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1189","reference_id":"RHSA-2015:1189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1189"},{"reference_url":"https://usn.ubuntu.com/2630-1/","reference_id":"USN-2630-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2630-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-135.html","reference_id":"XSA-135","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-135.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-3209"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e41-v564-xub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99149?format=json","vulnerability_id":"VCID-5y2g-8eny-ekd6","summary":"Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4104.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4104.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4104","reference_id":"","reference_type":"","scores":[{"value":"0.08429","scoring_system":"epss","scoring_elements":"0.92482","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08429","scoring_system":"epss","scoring_elements":"0.92495","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223851","reference_id":"1223851","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223851"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547","reference_id":"787547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2630-1/","reference_id":"USN-2630-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2630-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-129.html","reference_id":"XSA-129","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-129.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-4104"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5y2g-8eny-ekd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106137?format=json","vulnerability_id":"VCID-7td2-sf5w-ybc7","summary":"The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6035.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6035","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28397","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28469","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6035"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6035"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7td2-sf5w-ybc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106107?format=json","vulnerability_id":"VCID-8hcx-xfvm-2ue2","summary":"(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3497.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3497","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2846","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-15.html","reference_id":"XSA-15","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-15.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-3497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hcx-xfvm-2ue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78892?format=json","vulnerability_id":"VCID-8k1m-9p6x-4fhj","summary":"The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8552.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8552.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8552","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40702","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289128","reference_id":"1289128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289128"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2846-1/","reference_id":"USN-2846-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2846-1/"},{"reference_url":"https://usn.ubuntu.com/2847-1/","reference_id":"USN-2847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2847-1/"},{"reference_url":"https://usn.ubuntu.com/2848-1/","reference_id":"USN-2848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2848-1/"},{"reference_url":"https://usn.ubuntu.com/2849-1/","reference_id":"USN-2849-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2849-1/"},{"reference_url":"https://usn.ubuntu.com/2850-1/","reference_id":"USN-2850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2850-1/"},{"reference_url":"https://usn.ubuntu.com/2851-1/","reference_id":"USN-2851-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2851-1/"},{"reference_url":"https://usn.ubuntu.com/2853-1/","reference_id":"USN-2853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2853-1/"},{"reference_url":"https://usn.ubuntu.com/2854-1/","reference_id":"USN-2854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2854-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-157.html","reference_id":"XSA-157","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-157.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8552"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k1m-9p6x-4fhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106113?format=json","vulnerability_id":"VCID-8kq1-rskm-afez","summary":"Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an \"inappropriate deadline.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4535.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4535.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4535","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28166","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28237","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=870086","reference_id":"870086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=870086"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1540","reference_id":"RHSA-2012:1540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1540"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-20.html","reference_id":"XSA-20","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-20.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-4535"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kq1-rskm-afez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106241?format=json","vulnerability_id":"VCID-8tg6-2qns-nkex","summary":"The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4164.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4164","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22342","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22427","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1226913","reference_id":"1226913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1226913"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721","reference_id":"795721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-136.html","reference_id":"XSA-136","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-136.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-4164"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tg6-2qns-nkex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106257?format=json","vulnerability_id":"VCID-8wt6-5dee-cfcd","summary":"Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8555.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8555.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8555","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68362","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68403","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289130","reference_id":"1289130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289130"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-165.html","reference_id":"XSA-165","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-165.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8555"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wt6-5dee-cfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106116?format=json","vulnerability_id":"VCID-93cc-vcu3-3qct","summary":"Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka \"Memory mapping failure DoS vulnerability.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4537.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4537","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28166","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28237","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=870101","reference_id":"870101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=870101"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1540","reference_id":"RHSA-2012:1540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1540"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-22.html","reference_id":"XSA-22","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-22.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-4537"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93cc-vcu3-3qct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99081?format=json","vulnerability_id":"VCID-c61e-4uev-xket","summary":"Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3515.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3515","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27324","published_at":"2026-06-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27393","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851252","reference_id":"851252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851252"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1233","reference_id":"RHSA-2012:1233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1234","reference_id":"RHSA-2012:1234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1235","reference_id":"RHSA-2012:1235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1236","reference_id":"RHSA-2012:1236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1325","reference_id":"RHSA-2012:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1325"},{"reference_url":"https://usn.ubuntu.com/1590-1/","reference_id":"USN-1590-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1590-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-17.html","reference_id":"XSA-17","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-17.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-3515"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c61e-4uev-xket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106117?format=json","vulnerability_id":"VCID-ceuu-4hjd-7qfx","summary":"The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4538.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4538","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17084","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1716","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=870106","reference_id":"870106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=870106"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-23.html","reference_id":"XSA-23","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-23.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-4538"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ceuu-4hjd-7qfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106106?format=json","vulnerability_id":"VCID-dwmv-fd24-93by","summary":"XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3496.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3496","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26093","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26197","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851172","reference_id":"851172","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851172"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-14.html","reference_id":"XSA-14","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-14.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-3496"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwmv-fd24-93by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99150?format=json","vulnerability_id":"VCID-fad8-awfx-yqfp","summary":"Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4105.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4105.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4105","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30731","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30804","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223853","reference_id":"1223853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223853"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547","reference_id":"787547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2630-1/","reference_id":"USN-2630-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2630-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-130.html","reference_id":"XSA-130","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-130.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-4105"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fad8-awfx-yqfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106132?format=json","vulnerability_id":"VCID-frp7-vf8h-6fcv","summary":"The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the \"bad_copy error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6031.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6031.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6031","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18608","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18686","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frp7-vf8h-6fcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106236?format=json","vulnerability_id":"VCID-fuwh-rr8p-vybh","summary":"Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3259.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3259","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17812","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17891","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1238088","reference_id":"1238088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1238088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721","reference_id":"795721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-137.html","reference_id":"XSA-137","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-137.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-3259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuwh-rr8p-vybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106237?format=json","vulnerability_id":"VCID-g1wg-e5kd-ykda","summary":"Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3340.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3340.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3340","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70768","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.7081","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1214035","reference_id":"1214035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1214035"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784011","reference_id":"784011","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784011"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-132.html","reference_id":"XSA-132","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-132.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-3340"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1wg-e5kd-ykda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106112?format=json","vulnerability_id":"VCID-gspa-sqcd-83e3","summary":"The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor.  NOTE: this might be a duplicate of CVE-2007-0998.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4411.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4411.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4411","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2212","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=855140","reference_id":"855140","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=855140"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-19.html","reference_id":"XSA-19","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-19.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-4411"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gspa-sqcd-83e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78891?format=json","vulnerability_id":"VCID-jk3h-3xbk-qbcj","summary":"The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8551.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8551.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8551","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22173","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22257","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:S/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289128","reference_id":"1289128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289128"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2846-1/","reference_id":"USN-2846-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2846-1/"},{"reference_url":"https://usn.ubuntu.com/2847-1/","reference_id":"USN-2847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2847-1/"},{"reference_url":"https://usn.ubuntu.com/2848-1/","reference_id":"USN-2848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2848-1/"},{"reference_url":"https://usn.ubuntu.com/2849-1/","reference_id":"USN-2849-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2849-1/"},{"reference_url":"https://usn.ubuntu.com/2850-1/","reference_id":"USN-2850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2850-1/"},{"reference_url":"https://usn.ubuntu.com/2851-1/","reference_id":"USN-2851-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2851-1/"},{"reference_url":"https://usn.ubuntu.com/2853-1/","reference_id":"USN-2853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2853-1/"},{"reference_url":"https://usn.ubuntu.com/2854-1/","reference_id":"USN-2854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2854-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-157.html","reference_id":"XSA-157","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-157.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8551"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jk3h-3xbk-qbcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106251?format=json","vulnerability_id":"VCID-jwgp-7zgd-h3cp","summary":"The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to \"heavy memory pressure.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7972","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22104","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22188","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1276120","reference_id":"1276120","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1276120"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-153.html","reference_id":"XSA-153","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-153.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7972"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwgp-7zgd-h3cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99146?format=json","vulnerability_id":"VCID-kn3g-4r4n-9fab","summary":"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3456","reference_id":"","reference_type":"","scores":[{"value":"0.19325","scoring_system":"epss","scoring_elements":"0.95492","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19325","scoring_system":"epss","scoring_elements":"0.95499","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218611","reference_id":"1218611","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218611"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424","reference_id":"785424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c","reference_id":"CVE-2015-3456;OSVDB-122072","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c"},{"reference_url":"https://marc.info/?l=oss-security&m=143155206320935&w=2","reference_id":"CVE-2015-3456;OSVDB-122072","reference_type":"exploit","scores":[],"url":"https://marc.info/?l=oss-security&m=143155206320935&w=2"},{"reference_url":"https://security.gentoo.org/glsa/201602-01","reference_id":"GLSA-201602-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201602-01"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0998","reference_id":"RHSA-2015:0998","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0999","reference_id":"RHSA-2015:0999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1000","reference_id":"RHSA-2015:1000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1001","reference_id":"RHSA-2015:1001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1002","reference_id":"RHSA-2015:1002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1003","reference_id":"RHSA-2015:1003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1004","reference_id":"RHSA-2015:1004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1011","reference_id":"RHSA-2015:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1031","reference_id":"RHSA-2015:1031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1031"},{"reference_url":"https://usn.ubuntu.com/2608-1/","reference_id":"USN-2608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2608-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-133.html","reference_id":"XSA-133","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-133.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-3456"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn3g-4r4n-9fab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99148?format=json","vulnerability_id":"VCID-krbw-dq3h-fya7","summary":"Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4103.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4103","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30731","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30804","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223846","reference_id":"1223846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547","reference_id":"787547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2630-1/","reference_id":"USN-2630-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2630-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-128.html","reference_id":"XSA-128","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-128.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-4103"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krbw-dq3h-fya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106131?format=json","vulnerability_id":"VCID-ktq4-y21k-qyf2","summary":"The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to \"broken locking checks\" in an \"error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6030.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6030.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6030","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18674","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6030"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6030"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktq4-y21k-qyf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106136?format=json","vulnerability_id":"VCID-mqvj-wu6y-c3hx","summary":"The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 \"do not check incoming guest output buffer pointers,\" which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6034.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6034","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31647","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31717","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6034"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqvj-wu6y-c3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99152?format=json","vulnerability_id":"VCID-mtyw-7hrb-jyha","summary":"Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5154.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5154.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5154","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60187","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60234","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243563","reference_id":"1243563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243563"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811","reference_id":"793811","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811"},{"reference_url":"https://security.gentoo.org/glsa/201510-02","reference_id":"GLSA-201510-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-02"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1507","reference_id":"RHSA-2015:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1508","reference_id":"RHSA-2015:1508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1512","reference_id":"RHSA-2015:1512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1512"},{"reference_url":"https://usn.ubuntu.com/2692-1/","reference_id":"USN-2692-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2692-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-138.html","reference_id":"XSA-138","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-138.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-5154"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtyw-7hrb-jyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106139?format=json","vulnerability_id":"VCID-muzp-19u5-2qhq","summary":"The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6036.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6036.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6036","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31906","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31979","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6036"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6036"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-muzp-19u5-2qhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106248?format=json","vulnerability_id":"VCID-mz2m-xffe-a7a1","summary":"Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of \"teardowns\" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7969","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1761","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1769","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1272519","reference_id":"1272519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1272519"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-149.html","reference_id":"XSA-149","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-149.html"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-151.html","reference_id":"XSA-151","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-151.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7969"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mz2m-xffe-a7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106256?format=json","vulnerability_id":"VCID-nmwp-yn17-uqed","summary":"Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a \"write path.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8554.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8554.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8554","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19321","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8554"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289129","reference_id":"1289129","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289129"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-164.html","reference_id":"XSA-164","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-164.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8554"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmwp-yn17-uqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106247?format=json","vulnerability_id":"VCID-pa4v-zfya-gbb6","summary":"The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7835","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26488","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2659","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271971","reference_id":"1271971","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271971"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-148.html","reference_id":"XSA-148","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-148.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7835"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa4v-zfya-gbb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106246?format=json","vulnerability_id":"VCID-pwk6-6gke-8fej","summary":"Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7814","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17535","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17615","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271630","reference_id":"1271630","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271630"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-147.html","reference_id":"XSA-147","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-147.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7814"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwk6-6gke-8fej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106102?format=json","vulnerability_id":"VCID-q1j7-878s-3ff4","summary":"The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3494.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3494","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29197","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29266","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851139","reference_id":"851139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851139"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-12.html","reference_id":"XSA-12","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-12.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-3494"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1j7-878s-3ff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106133?format=json","vulnerability_id":"VCID-q1mv-gdfy-hfha","summary":"Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6032.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6032.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6032","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28709","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-6032"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1mv-gdfy-hfha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106265?format=json","vulnerability_id":"VCID-rujz-dyx2-xfhw","summary":"Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2270.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2270","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53121","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53183","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1304627","reference_id":"1304627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1304627"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-154.html","reference_id":"XSA-154","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-154.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2016-2270"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rujz-dyx2-xfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106245?format=json","vulnerability_id":"VCID-s3t8-rwfb-ybec","summary":"Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7813.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7813","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22891","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22973","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271626","reference_id":"1271626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271626"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-146.html","reference_id":"XSA-146","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-146.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7813"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3t8-rwfb-ybec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106104?format=json","vulnerability_id":"VCID-scrz-m4nx-mkcr","summary":"The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3495.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3495","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23805","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23899","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851165","reference_id":"851165","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851165"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-13.html","reference_id":"XSA-13","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-13.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-3495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scrz-m4nx-mkcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106254?format=json","vulnerability_id":"VCID-v4p6-uxvz-vqhq","summary":"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8340.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8340.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8340","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22219","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22303","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1284919","reference_id":"1284919","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1284919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-159.html","reference_id":"XSA-159","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-159.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8340"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4p6-uxvz-vqhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106108?format=json","vulnerability_id":"VCID-vv5t-yn1y-kkfn","summary":"PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3498.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3498","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21107","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764","reference_id":"686764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851193","reference_id":"851193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851193"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-16.html","reference_id":"XSA-16","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-16.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-3498"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vv5t-yn1y-kkfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78890?format=json","vulnerability_id":"VCID-wfr5-35rk-tud5","summary":"Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8550.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8550","reference_id":"","reference_type":"","scores":[{"value":"0.15964","scoring_system":"epss","scoring_elements":"0.94887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15964","scoring_system":"epss","scoring_elements":"0.94895","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289125","reference_id":"1289125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289125"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809229","reference_id":"809229","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809229"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://usn.ubuntu.com/2846-1/","reference_id":"USN-2846-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2846-1/"},{"reference_url":"https://usn.ubuntu.com/2847-1/","reference_id":"USN-2847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2847-1/"},{"reference_url":"https://usn.ubuntu.com/2848-1/","reference_id":"USN-2848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2848-1/"},{"reference_url":"https://usn.ubuntu.com/2849-1/","reference_id":"USN-2849-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2849-1/"},{"reference_url":"https://usn.ubuntu.com/2850-1/","reference_id":"USN-2850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2850-1/"},{"reference_url":"https://usn.ubuntu.com/2851-1/","reference_id":"USN-2851-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2851-1/"},{"reference_url":"https://usn.ubuntu.com/2853-1/","reference_id":"USN-2853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2853-1/"},{"reference_url":"https://usn.ubuntu.com/2854-1/","reference_id":"USN-2854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2854-1/"},{"reference_url":"https://usn.ubuntu.com/2886-2/","reference_id":"USN-2886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2886-2/"},{"reference_url":"https://usn.ubuntu.com/2891-1/","reference_id":"USN-2891-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2891-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-155.html","reference_id":"XSA-155","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-155.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8550"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfr5-35rk-tud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106255?format=json","vulnerability_id":"VCID-wndv-393s-v3hj","summary":"The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8341.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8341","reference_id":"","reference_type":"","scores":[{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67932","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67971","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:S/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1284933","reference_id":"1284933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1284933"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-160.html","reference_id":"XSA-160","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-160.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-8341"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wndv-393s-v3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106250?format=json","vulnerability_id":"VCID-x6c3-u8aq-67g7","summary":"Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7971","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21446","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21527","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1272525","reference_id":"1272525","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1272525"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-152.html","reference_id":"XSA-152","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-152.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7971"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6c3-u8aq-67g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106230?format=json","vulnerability_id":"VCID-xewk-rbqw-hkeh","summary":"The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2151.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2151.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2151","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.466","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46666","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2045"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2151"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1196274","reference_id":"1196274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1196274"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227","reference_id":"780227","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0450","reference_id":"RHSA-2016:0450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0450"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-123.html","reference_id":"XSA-123","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-123.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-2151"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xewk-rbqw-hkeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106240?format=json","vulnerability_id":"VCID-xtxb-z38n-e3f5","summary":"GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4163.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4163","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30738","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1226290","reference_id":"1226290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1226290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721","reference_id":"795721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795721"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-134.html","reference_id":"XSA-134","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-134.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-4163"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xtxb-z38n-e3f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106244?format=json","vulnerability_id":"VCID-y77x-egqv-f3ab","summary":"The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7812.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7812","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22797","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22878","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271621","reference_id":"1271621","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271621"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-145.html","reference_id":"XSA-145","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-145.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7812"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y77x-egqv-f3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106266?format=json","vulnerability_id":"VCID-yn5e-mtph-c7b4","summary":"VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2271.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2271.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2271","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20652","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20726","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1304628","reference_id":"1304628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1304628"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-170.html","reference_id":"XSA-170","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-170.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2016-2271"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5e-mtph-c7b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106249?format=json","vulnerability_id":"VCID-ys5x-t9na-jbfn","summary":"The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a \"time-consuming linear scan,\" related to Populate-on-Demand.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7970.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7970","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22021","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22104","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1272529","reference_id":"1272529","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1272529"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-150.html","reference_id":"XSA-150","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-150.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7970"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys5x-t9na-jbfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106115?format=json","vulnerability_id":"VCID-zxg4-754a-gfhd","summary":"The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4536.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4536","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24261","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24361","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=870096","reference_id":"870096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=870096"},{"reference_url":"https://security.gentoo.org/glsa/201309-24","reference_id":"GLSA-201309-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-24"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-21.html","reference_id":"XSA-21","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-21.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190839?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/190840?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.2.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2012-4536"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxg4-754a-gfhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106243?format=json","vulnerability_id":"VCID-zzhd-u555-qybz","summary":"libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7311.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7311","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20859","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20935","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265269","reference_id":"1265269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265269"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-142.html","reference_id":"XSA-142","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-142.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194751?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/194752?format=json","purl":"pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}],"aliases":["CVE-2015-7311"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzhd-u555-qybz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/xen-pvgrub@4.6.0-r9"}