Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
Typeapk
Namespacealpine
Namexen
Version4.11.1-r0
Qualifiers
arch armv7
distroversion v3.9
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.11.1-r2
Latest_non_vulnerable_version4.11.4-r2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-47em-hxbk-jye7
vulnerability_id VCID-47em-hxbk-jye7
summary An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18883.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18883.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18883
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38167
published_at 2026-06-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38255
published_at 2026-06-05T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38258
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18883
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18883
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18883
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1643116
reference_id 1643116
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1643116
5
reference_url https://xenbits.xen.org/xsa/advisory-278.html
reference_id XSA-278
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-278.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-18883, XSA-278
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47em-hxbk-jye7
1
url VCID-77s9-h9s5-jqg8
vulnerability_id VCID-77s9-h9s5-jqg8
summary An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19965.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19965
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39286
published_at 2026-06-04T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.39375
published_at 2026-06-05T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.3938
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1647588
reference_id 1647588
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1647588
8
reference_url https://xenbits.xen.org/xsa/advisory-279.html
reference_id XSA-279
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-279.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-19965, XSA-279
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77s9-h9s5-jqg8
2
url VCID-g8xv-up2a-8kek
vulnerability_id VCID-g8xv-up2a-8kek
summary An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19963.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19963.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19963
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16275
published_at 2026-06-04T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16357
published_at 2026-06-05T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16356
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19963
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19963
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19963
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1652231
reference_id 1652231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1652231
5
reference_url https://xenbits.xen.org/xsa/advisory-276.html
reference_id XSA-276
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-276.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-19963, XSA-276
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8xv-up2a-8kek
3
url VCID-j8n3-djnz-g7f3
vulnerability_id VCID-j8n3-djnz-g7f3
summary An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19966.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19966
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31059
published_at 2026-06-04T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31124
published_at 2026-06-05T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31091
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19966
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1652235
reference_id 1652235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1652235
9
reference_url https://xenbits.xen.org/xsa/advisory-280.html
reference_id XSA-280
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-280.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-19966, XSA-280
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8n3-djnz-g7f3
4
url VCID-mck5-6qme-mbgz
vulnerability_id VCID-mck5-6qme-mbgz
summary An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19964.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19964.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19964
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31122
published_at 2026-06-04T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31189
published_at 2026-06-05T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31156
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19964
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19964
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19964
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1652227
reference_id 1652227
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1652227
5
reference_url https://xenbits.xen.org/xsa/advisory-277.html
reference_id XSA-277
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-277.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-19964, XSA-277
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mck5-6qme-mbgz
5
url VCID-mxev-xz4c-4kft
vulnerability_id VCID-mxev-xz4c-4kft
summary An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19962.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19962.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19962
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39468
published_at 2026-06-04T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39555
published_at 2026-06-05T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39559
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19962
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1647573
reference_id 1647573
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1647573
9
reference_url https://xenbits.xen.org/xsa/advisory-275.html
reference_id XSA-275
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-275.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-19962, XSA-275
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxev-xz4c-4kft
6
url VCID-ryde-cb98-ukgq
vulnerability_id VCID-ryde-cb98-ukgq
summary An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15469.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15469.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15469
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.3968
published_at 2026-06-04T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39766
published_at 2026-06-05T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39769
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15469
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1610543
reference_id 1610543
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1610543
8
reference_url https://security.gentoo.org/glsa/201810-06
reference_id GLSA-201810-06
reference_type
scores
url https://security.gentoo.org/glsa/201810-06
9
reference_url https://xenbits.xen.org/xsa/advisory-268.html
reference_id XSA-268
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-268.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-15469, XSA-268
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ryde-cb98-ukgq
7
url VCID-t28t-5yyv-qyag
vulnerability_id VCID-t28t-5yyv-qyag
summary An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15468.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15468.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15468
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29759
published_at 2026-06-04T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29827
published_at 2026-06-05T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.2979
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15468
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1610548
reference_id 1610548
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1610548
9
reference_url https://security.gentoo.org/glsa/201810-06
reference_id GLSA-201810-06
reference_type
scores
url https://security.gentoo.org/glsa/201810-06
10
reference_url https://xenbits.xen.org/xsa/advisory-269.html
reference_id XSA-269
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-269.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-15468, XSA-269
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t28t-5yyv-qyag
8
url VCID-x25p-vy12-nkbe
vulnerability_id VCID-x25p-vy12-nkbe
summary information disclosure
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3646.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3646.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3646
reference_id
reference_type
scores
0
value 0.02527
scoring_system epss
scoring_elements 0.85731
published_at 2026-06-06T12:55:00Z
1
value 0.02527
scoring_system epss
scoring_elements 0.85728
published_at 2026-06-05T12:55:00Z
2
value 0.02527
scoring_system epss
scoring_elements 0.85706
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3646
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url http://www.securitytracker.com/id/1041451
reference_id 1041451
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://www.securitytracker.com/id/1041451
9
reference_url http://www.securitytracker.com/id/1042004
reference_id 1042004
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://www.securitytracker.com/id/1042004
10
reference_url http://www.securityfocus.com/bid/105080
reference_id 105080
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://www.securityfocus.com/bid/105080
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1585005
reference_id 1585005
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1585005
12
reference_url https://usn.ubuntu.com/3740-1/
reference_id 3740-1
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3740-1/
13
reference_url https://usn.ubuntu.com/3740-2/
reference_id 3740-2
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3740-2/
14
reference_url https://usn.ubuntu.com/3741-1/
reference_id 3741-1
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3741-1/
15
reference_url https://usn.ubuntu.com/3741-2/
reference_id 3741-2
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3741-2/
16
reference_url https://usn.ubuntu.com/3742-1/
reference_id 3742-1
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3742-1/
17
reference_url https://usn.ubuntu.com/3742-2/
reference_id 3742-2
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3742-2/
18
reference_url https://usn.ubuntu.com/3756-1/
reference_id 3756-1
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3756-1/
19
reference_url https://usn.ubuntu.com/3823-1/
reference_id 3823-1
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://usn.ubuntu.com/3823-1/
20
reference_url https://www.kb.cert.org/vuls/id/982149
reference_id 982149
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://www.kb.cert.org/vuls/id/982149
21
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
reference_id ADV180018
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
22
reference_url http://xenbits.xen.org/xsa/advisory-273.html
reference_id advisory-273.html
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://xenbits.xen.org/xsa/advisory-273.html
23
reference_url https://security.archlinux.org/AVG-756
reference_id AVG-756
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-756
24
reference_url https://security.archlinux.org/AVG-757
reference_id AVG-757
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-757
25
reference_url https://security.archlinux.org/AVG-758
reference_id AVG-758
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-758
26
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
reference_id cisco-sa-20180814-cpusidechannel
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
27
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
reference_id display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
28
reference_url https://www.debian.org/security/2018/dsa-4274
reference_id dsa-4274
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://www.debian.org/security/2018/dsa-4274
29
reference_url https://www.debian.org/security/2018/dsa-4279
reference_id dsa-4279
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://www.debian.org/security/2018/dsa-4279
30
reference_url https://foreshadowattack.eu/
reference_id foreshadowattack.eu
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://foreshadowattack.eu/
31
reference_url https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
reference_id FreeBSD-SA-18:09.l1tf.asc
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
32
reference_url https://security.gentoo.org/glsa/201810-06
reference_id GLSA-201810-06
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://security.gentoo.org/glsa/201810-06
33
reference_url http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
reference_id huawei-sa-20180815-01-cpu-en
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
34
reference_url https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
reference_id intel-sa-00161.html
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
35
reference_url https://support.f5.com/csp/article/K31300402
reference_id K31300402
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://support.f5.com/csp/article/K31300402
36
reference_url https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
reference_id l1-terminal-fault
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
37
reference_url http://support.lenovo.com/us/en/solutions/LEN-24163
reference_id LEN-24163
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://support.lenovo.com/us/en/solutions/LEN-24163
38
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
reference_id msg00017.html
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
39
reference_url https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
40
reference_url https://security.netapp.com/advisory/ntap-20180815-0001/
reference_id ntap-20180815-0001
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://security.netapp.com/advisory/ntap-20180815-0001/
41
reference_url https://access.redhat.com/errata/RHSA-2018:2384
reference_id RHSA-2018:2384
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2384
42
reference_url https://access.redhat.com/errata/RHSA-2018:2387
reference_id RHSA-2018:2387
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2387
43
reference_url https://access.redhat.com/errata/RHSA-2018:2388
reference_id RHSA-2018:2388
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2388
44
reference_url https://access.redhat.com/errata/RHSA-2018:2389
reference_id RHSA-2018:2389
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2389
45
reference_url https://access.redhat.com/errata/RHSA-2018:2390
reference_id RHSA-2018:2390
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2390
46
reference_url https://access.redhat.com/errata/RHSA-2018:2391
reference_id RHSA-2018:2391
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2391
47
reference_url https://access.redhat.com/errata/RHSA-2018:2392
reference_id RHSA-2018:2392
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2392
48
reference_url https://access.redhat.com/errata/RHSA-2018:2393
reference_id RHSA-2018:2393
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2393
49
reference_url https://access.redhat.com/errata/RHSA-2018:2394
reference_id RHSA-2018:2394
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2394
50
reference_url https://access.redhat.com/errata/RHSA-2018:2395
reference_id RHSA-2018:2395
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2395
51
reference_url https://access.redhat.com/errata/RHSA-2018:2396
reference_id RHSA-2018:2396
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2396
52
reference_url https://access.redhat.com/errata/RHSA-2018:2402
reference_id RHSA-2018:2402
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2402
53
reference_url https://access.redhat.com/errata/RHSA-2018:2403
reference_id RHSA-2018:2403
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2403
54
reference_url https://access.redhat.com/errata/RHSA-2018:2404
reference_id RHSA-2018:2404
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2404
55
reference_url https://access.redhat.com/errata/RHSA-2018:2602
reference_id RHSA-2018:2602
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2602
56
reference_url https://access.redhat.com/errata/RHSA-2018:2603
reference_id RHSA-2018:2603
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://access.redhat.com/errata/RHSA-2018:2603
57
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
reference_id SNWLID-2018-0010
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
58
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
reference_id ssa-254686.pdf
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
59
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
reference_id ssa-608355.pdf
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
60
reference_url https://www.synology.com/support/security/Synology_SA_18_45
reference_id Synology_SA_18_45
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://www.synology.com/support/security/Synology_SA_18_45
61
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
reference_id V4UWGORQWCENCIF2BHWUEF2ODBV75QS2
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
62
reference_url http://www.vmware.com/security/advisories/VMSA-2018-0020.html
reference_id VMSA-2018-0020.html
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url http://www.vmware.com/security/advisories/VMSA-2018-0020.html
63
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
reference_id XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
64
reference_url https://xenbits.xen.org/xsa/advisory-273.html
reference_id XSA-273
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-273.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-3646, XSA-273
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x25p-vy12-nkbe
9
url VCID-xsax-bkka-pfah
vulnerability_id VCID-xsax-bkka-pfah
summary An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19967.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19967.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19967
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22008
published_at 2026-06-04T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22091
published_at 2026-06-05T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.22077
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19967
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1660493
reference_id 1660493
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1660493
9
reference_url https://xenbits.xen.org/xsa/advisory-282.html
reference_id XSA-282
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-282.html
fixed_packages
0
url pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main
aliases CVE-2018-19967, XSA-282
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsax-bkka-pfah
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main