{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","type":"apk","namespace":"alpine","name":"xen","version":"4.11.1-r0","qualifiers":{"arch":"armv7","distroversion":"v3.9","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.11.1-r2","latest_non_vulnerable_version":"4.11.4-r2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106354?format=json","vulnerability_id":"VCID-47em-hxbk-jye7","summary":"An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18883.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18883","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38167","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38258","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18883"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643116","reference_id":"1643116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643116"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-278.html","reference_id":"XSA-278","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-278.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-18883","XSA-278"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47em-hxbk-jye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106360?format=json","vulnerability_id":"VCID-77s9-h9s5-jqg8","summary":"An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19965.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19965","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39286","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3938","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647588","reference_id":"1647588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647588"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-279.html","reference_id":"XSA-279","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-279.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-19965","XSA-279"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77s9-h9s5-jqg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106358?format=json","vulnerability_id":"VCID-g8xv-up2a-8kek","summary":"An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19963.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19963","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16275","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16356","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19963","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19963"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652231","reference_id":"1652231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652231"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-276.html","reference_id":"XSA-276","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-276.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-19963","XSA-276"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8xv-up2a-8kek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106361?format=json","vulnerability_id":"VCID-j8n3-djnz-g7f3","summary":"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19966.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19966","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31059","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31091","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652235","reference_id":"1652235","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652235"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-280.html","reference_id":"XSA-280","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-280.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-19966","XSA-280"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8n3-djnz-g7f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106359?format=json","vulnerability_id":"VCID-mck5-6qme-mbgz","summary":"An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19964.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19964","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31122","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31189","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31156","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19964"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652227","reference_id":"1652227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652227"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-277.html","reference_id":"XSA-277","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-277.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-19964","XSA-277"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mck5-6qme-mbgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106357?format=json","vulnerability_id":"VCID-mxev-xz4c-4kft","summary":"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19962.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19962","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39468","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39555","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647573","reference_id":"1647573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647573"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-275.html","reference_id":"XSA-275","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-275.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-19962","XSA-275"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxev-xz4c-4kft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106352?format=json","vulnerability_id":"VCID-ryde-cb98-ukgq","summary":"An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15469.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15469","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3968","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39766","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39769","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610543","reference_id":"1610543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610543"},{"reference_url":"https://security.gentoo.org/glsa/201810-06","reference_id":"GLSA-201810-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-06"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-268.html","reference_id":"XSA-268","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-268.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-15469","XSA-268"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryde-cb98-ukgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106351?format=json","vulnerability_id":"VCID-t28t-5yyv-qyag","summary":"An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15468.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15468","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.2979","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610548","reference_id":"1610548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610548"},{"reference_url":"https://security.gentoo.org/glsa/201810-06","reference_id":"GLSA-201810-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-06"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-269.html","reference_id":"XSA-269","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-269.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-15468","XSA-269"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t28t-5yyv-qyag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6242?format=json","vulnerability_id":"VCID-x25p-vy12-nkbe","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3646.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3646","reference_id":"","reference_type":"","scores":[{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85731","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85728","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02527","scoring_system":"epss","scoring_elements":"0.85706","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1041451","reference_id":"1041451","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://www.securitytracker.com/id/1041451"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"1042004","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"http://www.securityfocus.com/bid/105080","reference_id":"105080","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://www.securityfocus.com/bid/105080"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1585005","reference_id":"1585005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1585005"},{"reference_url":"https://usn.ubuntu.com/3740-1/","reference_id":"3740-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3740-1/"},{"reference_url":"https://usn.ubuntu.com/3740-2/","reference_id":"3740-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3740-2/"},{"reference_url":"https://usn.ubuntu.com/3741-1/","reference_id":"3741-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3741-1/"},{"reference_url":"https://usn.ubuntu.com/3741-2/","reference_id":"3741-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3741-2/"},{"reference_url":"https://usn.ubuntu.com/3742-1/","reference_id":"3742-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3742-1/"},{"reference_url":"https://usn.ubuntu.com/3742-2/","reference_id":"3742-2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3742-2/"},{"reference_url":"https://usn.ubuntu.com/3756-1/","reference_id":"3756-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3756-1/"},{"reference_url":"https://usn.ubuntu.com/3823-1/","reference_id":"3823-1","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://usn.ubuntu.com/3823-1/"},{"reference_url":"https://www.kb.cert.org/vuls/id/982149","reference_id":"982149","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://www.kb.cert.org/vuls/id/982149"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018","reference_id":"ADV180018","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"},{"reference_url":"http://xenbits.xen.org/xsa/advisory-273.html","reference_id":"advisory-273.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://xenbits.xen.org/xsa/advisory-273.html"},{"reference_url":"https://security.archlinux.org/AVG-756","reference_id":"AVG-756","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-756"},{"reference_url":"https://security.archlinux.org/AVG-757","reference_id":"AVG-757","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-757"},{"reference_url":"https://security.archlinux.org/AVG-758","reference_id":"AVG-758","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-758"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel","reference_id":"cisco-sa-20180814-cpusidechannel","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us"},{"reference_url":"https://www.debian.org/security/2018/dsa-4274","reference_id":"dsa-4274","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://www.debian.org/security/2018/dsa-4274"},{"reference_url":"https://www.debian.org/security/2018/dsa-4279","reference_id":"dsa-4279","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://www.debian.org/security/2018/dsa-4279"},{"reference_url":"https://foreshadowattack.eu/","reference_id":"foreshadowattack.eu","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://foreshadowattack.eu/"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc","reference_id":"FreeBSD-SA-18:09.l1tf.asc","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"},{"reference_url":"https://security.gentoo.org/glsa/201810-06","reference_id":"GLSA-201810-06","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://security.gentoo.org/glsa/201810-06"},{"reference_url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en","reference_id":"huawei-sa-20180815-01-cpu-en","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"},{"reference_url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html","reference_id":"intel-sa-00161.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"},{"reference_url":"https://support.f5.com/csp/article/K31300402","reference_id":"K31300402","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://support.f5.com/csp/article/K31300402"},{"reference_url":"https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault","reference_id":"l1-terminal-fault","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"},{"reference_url":"http://support.lenovo.com/us/en/solutions/LEN-24163","reference_id":"LEN-24163","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://support.lenovo.com/us/en/solutions/LEN-24163"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180815-0001/","reference_id":"ntap-20180815-0001","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180815-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2384","reference_id":"RHSA-2018:2384","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2387","reference_id":"RHSA-2018:2387","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2388","reference_id":"RHSA-2018:2388","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2389","reference_id":"RHSA-2018:2389","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2390","reference_id":"RHSA-2018:2390","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2391","reference_id":"RHSA-2018:2391","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2392","reference_id":"RHSA-2018:2392","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2393","reference_id":"RHSA-2018:2393","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2393"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2394","reference_id":"RHSA-2018:2394","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2395","reference_id":"RHSA-2018:2395","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2395"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2396","reference_id":"RHSA-2018:2396","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2402","reference_id":"RHSA-2018:2402","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2403","reference_id":"RHSA-2018:2403","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2404","reference_id":"RHSA-2018:2404","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2602","reference_id":"RHSA-2018:2602","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2603","reference_id":"RHSA-2018:2603","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:2603"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010","reference_id":"SNWLID-2018-0010","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf","reference_id":"ssa-254686.pdf","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","reference_id":"ssa-608355.pdf","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"},{"reference_url":"https://www.synology.com/support/security/Synology_SA_18_45","reference_id":"Synology_SA_18_45","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://www.synology.com/support/security/Synology_SA_18_45"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/","reference_id":"V4UWGORQWCENCIF2BHWUEF2ODBV75QS2","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2018-0020.html","reference_id":"VMSA-2018-0020.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"http://www.vmware.com/security/advisories/VMSA-2018-0020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/","reference_id":"XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:10:26Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-273.html","reference_id":"XSA-273","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-273.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-3646","XSA-273"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x25p-vy12-nkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106362?format=json","vulnerability_id":"VCID-xsax-bkka-pfah","summary":"An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19967.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19967","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22008","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22091","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22077","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19967"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660493","reference_id":"1660493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660493"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-282.html","reference_id":"XSA-282","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-282.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/320555?format=json","purl":"pkg:apk/alpine/xen@4.11.1-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2018-19967","XSA-282"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsax-bkka-pfah"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.11.1-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}