{"url":"http://public2.vulnerablecode.io/api/packages/272780?format=json","purl":"pkg:deb/debian/virtualbox@4.3.18-dfsg-3","type":"deb","namespace":"debian","name":"virtualbox","version":"4.3.18-dfsg-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.3.36-dfsg-1+deb8u1","latest_non_vulnerable_version":"4.3.36-dfsg-1+deb8u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103669?format=json","vulnerability_id":"VCID-48pn-dnr1-tue7","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0592","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25643","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25744","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25735","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0592"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272782?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1"}],"aliases":["CVE-2016-0592"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48pn-dnr1-tue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103665?format=json","vulnerability_id":"VCID-6j9c-zxde-9fdu","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4813","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17675","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17753","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17746","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272781?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48pn-dnr1-tue7"},{"vulnerability":"VCID-dd8y-kd49-dych"},{"vulnerability":"VCID-kcpk-8c1z-8bek"},{"vulnerability":"VCID-zhqk-mhmj-rud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1~bpo70%252B1"}],"aliases":["CVE-2015-4813"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6j9c-zxde-9fdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78884?format=json","vulnerability_id":"VCID-dd8y-kd49-dych","summary":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8104.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8104.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8104","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55901","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55957","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55963","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"},{"reference_url":"http://www.securitytracker.com/id/1034105","reference_id":"1034105","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.securitytracker.com/id/1034105"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278496","reference_id":"1278496","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278496"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html","reference_id":"172187.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html","reference_id":"172300.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html","reference_id":"172435.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/10/4","reference_id":"4","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/10/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/10/5","reference_id":"5","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/11/10/5"},{"reference_url":"http://www.securityfocus.com/bid/77524","reference_id":"77524","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.securityfocus.com/bid/77524"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"91787","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://xenbits.xen.org/xsa/advisory-156.html","reference_id":"advisory-156.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://xenbits.xen.org/xsa/advisory-156.html"},{"reference_url":"https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d","reference_id":"cbdb967af3d54993f5814f1cee0ed311a055377d","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d"},{"reference_url":"http://support.citrix.com/article/CTX202583","reference_id":"CTX202583","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://support.citrix.com/article/CTX202583"},{"reference_url":"http://support.citrix.com/article/CTX203879","reference_id":"CTX203879","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://support.citrix.com/article/CTX203879"},{"reference_url":"http://www.debian.org/security/2015/dsa-3414","reference_id":"dsa-3414","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.debian.org/security/2015/dsa-3414"},{"reference_url":"http://www.debian.org/security/2015/dsa-3426","reference_id":"dsa-3426","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.debian.org/security/2015/dsa-3426"},{"reference_url":"http://www.debian.org/security/2016/dsa-3454","reference_id":"dsa-3454","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.debian.org/security/2016/dsa-3454"},{"reference_url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d","reference_id":"?id=cbdb967af3d54993f5814f1cee0ed311a055377d","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d"},{"reference_url":"https://kb.juniper.net/JSA10783","reference_id":"JSA10783","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"https://kb.juniper.net/JSA10783"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"linuxbulletinjan2016-2867209.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html","reference_id":"msg00039.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html","reference_id":"msg00053.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"ovmbulletinjul2016-3090546.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2552","reference_id":"RHSA-2015:2552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2636","reference_id":"RHSA-2015:2636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2636"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2636.html","reference_id":"RHSA-2015-2636.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2636.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2645","reference_id":"RHSA-2015:2645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2645"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2645.html","reference_id":"RHSA-2015-2645.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2645.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0004","reference_id":"RHSA-2016:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0024","reference_id":"RHSA-2016:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0046","reference_id":"RHSA-2016:0046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0046"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0046.html","reference_id":"RHSA-2016-0046.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0046.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0103","reference_id":"RHSA-2016:0103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0103"},{"reference_url":"https://usn.ubuntu.com/2840-1/","reference_id":"USN-2840-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2840-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2840-1","reference_id":"USN-2840-1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2840-1"},{"reference_url":"https://usn.ubuntu.com/2841-1/","reference_id":"USN-2841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2841-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2841-1","reference_id":"USN-2841-1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2841-1"},{"reference_url":"https://usn.ubuntu.com/2841-2/","reference_id":"USN-2841-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2841-2/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2841-2","reference_id":"USN-2841-2","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2841-2"},{"reference_url":"https://usn.ubuntu.com/2842-1/","reference_id":"USN-2842-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2842-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2842-1","reference_id":"USN-2842-1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2842-1"},{"reference_url":"https://usn.ubuntu.com/2842-2/","reference_id":"USN-2842-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2842-2/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2842-2","reference_id":"USN-2842-2","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2842-2"},{"reference_url":"https://usn.ubuntu.com/2843-1/","reference_id":"USN-2843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2843-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2843-1","reference_id":"USN-2843-1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2843-1"},{"reference_url":"https://usn.ubuntu.com/2843-2/","reference_id":"USN-2843-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2843-2/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2843-2","reference_id":"USN-2843-2","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2843-2"},{"reference_url":"https://usn.ubuntu.com/2844-1/","reference_id":"USN-2844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2844-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2844-1","reference_id":"USN-2844-1","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:47:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2844-1"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-156.html","reference_id":"XSA-156","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-156.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272782?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1"}],"aliases":["CVE-2015-8104"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dd8y-kd49-dych"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103668?format=json","vulnerability_id":"VCID-kcpk-8c1z-8bek","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0495","reference_id":"","reference_type":"","scores":[{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.77343","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.77372","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01001","scoring_system":"epss","scoring_elements":"0.77381","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272782?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1"}],"aliases":["CVE-2016-0495"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpk-8c1z-8bek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99146?format=json","vulnerability_id":"VCID-kn3g-4r4n-9fab","summary":"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3456","reference_id":"","reference_type":"","scores":[{"value":"0.19325","scoring_system":"epss","scoring_elements":"0.95492","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19325","scoring_system":"epss","scoring_elements":"0.95499","published_at":"2026-06-05T12:55:00Z"},{"value":"0.19325","scoring_system":"epss","scoring_elements":"0.95502","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218611","reference_id":"1218611","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218611"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424","reference_id":"785424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c","reference_id":"CVE-2015-3456;OSVDB-122072","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/37053.c"},{"reference_url":"https://marc.info/?l=oss-security&m=143155206320935&w=2","reference_id":"CVE-2015-3456;OSVDB-122072","reference_type":"exploit","scores":[],"url":"https://marc.info/?l=oss-security&m=143155206320935&w=2"},{"reference_url":"https://security.gentoo.org/glsa/201602-01","reference_id":"GLSA-201602-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201602-01"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://security.gentoo.org/glsa/201612-27","reference_id":"GLSA-201612-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0998","reference_id":"RHSA-2015:0998","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0999","reference_id":"RHSA-2015:0999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1000","reference_id":"RHSA-2015:1000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1001","reference_id":"RHSA-2015:1001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1002","reference_id":"RHSA-2015:1002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1003","reference_id":"RHSA-2015:1003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1004","reference_id":"RHSA-2015:1004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1011","reference_id":"RHSA-2015:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1031","reference_id":"RHSA-2015:1031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1031"},{"reference_url":"https://usn.ubuntu.com/2608-1/","reference_id":"USN-2608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2608-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-133.html","reference_id":"XSA-133","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-133.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272781?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48pn-dnr1-tue7"},{"vulnerability":"VCID-dd8y-kd49-dych"},{"vulnerability":"VCID-kcpk-8c1z-8bek"},{"vulnerability":"VCID-zhqk-mhmj-rud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1~bpo70%252B1"}],"aliases":["CVE-2015-3456"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn3g-4r4n-9fab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103667?format=json","vulnerability_id":"VCID-mzer-q7ph-8kbj","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4896","reference_id":"","reference_type":"","scores":[{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81461","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81489","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01499","scoring_system":"epss","scoring_elements":"0.81491","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272781?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48pn-dnr1-tue7"},{"vulnerability":"VCID-dd8y-kd49-dych"},{"vulnerability":"VCID-kcpk-8c1z-8bek"},{"vulnerability":"VCID-zhqk-mhmj-rud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1~bpo70%252B1"}],"aliases":["CVE-2015-4896"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzer-q7ph-8kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103664?format=json","vulnerability_id":"VCID-z87u-21fj-tyf5","summary":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2594","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32484","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32556","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32524","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792446","reference_id":"792446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272781?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48pn-dnr1-tue7"},{"vulnerability":"VCID-dd8y-kd49-dych"},{"vulnerability":"VCID-kcpk-8c1z-8bek"},{"vulnerability":"VCID-zhqk-mhmj-rud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1~bpo70%252B1"}],"aliases":["CVE-2015-2594"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z87u-21fj-tyf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78857?format=json","vulnerability_id":"VCID-zhqk-mhmj-rud8","summary":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5307.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5307","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26431","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26534","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26525","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277172","reference_id":"1277172","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277172"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620","reference_id":"823620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2552","reference_id":"RHSA-2015:2552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2587","reference_id":"RHSA-2015:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2636","reference_id":"RHSA-2015:2636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2645","reference_id":"RHSA-2015:2645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0004","reference_id":"RHSA-2016:0004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0024","reference_id":"RHSA-2016:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0046","reference_id":"RHSA-2016:0046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0046"},{"reference_url":"https://usn.ubuntu.com/2800-1/","reference_id":"USN-2800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2800-1/"},{"reference_url":"https://usn.ubuntu.com/2801-1/","reference_id":"USN-2801-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2801-1/"},{"reference_url":"https://usn.ubuntu.com/2802-1/","reference_id":"USN-2802-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2802-1/"},{"reference_url":"https://usn.ubuntu.com/2803-1/","reference_id":"USN-2803-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2803-1/"},{"reference_url":"https://usn.ubuntu.com/2804-1/","reference_id":"USN-2804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2804-1/"},{"reference_url":"https://usn.ubuntu.com/2805-1/","reference_id":"USN-2805-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2805-1/"},{"reference_url":"https://usn.ubuntu.com/2806-1/","reference_id":"USN-2806-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2806-1/"},{"reference_url":"https://usn.ubuntu.com/2807-1/","reference_id":"USN-2807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2807-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-156.html","reference_id":"XSA-156","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-156.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/272782?format=json","purl":"pkg:deb/debian/virtualbox@4.3.36-dfsg-1%2Bdeb8u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.36-dfsg-1%252Bdeb8u1"}],"aliases":["CVE-2015-5307"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhqk-mhmj-rud8"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@4.3.18-dfsg-3"}