Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/xen@4.17.2-r1?arch=s390x&distroversion=v3.21&reponame=main
Typeapk
Namespacealpine
Namexen
Version4.17.2-r1
Qualifiers
arch s390x
distroversion v3.21
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.17.2-r2
Latest_non_vulnerable_version4.19.4-r2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8r4d-1tcs-13gd
vulnerability_id VCID-8r4d-1tcs-13gd
summary Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34321
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17587
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34321
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34321
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051954
reference_id 1051954
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051954
3
reference_url https://xenbits.xenproject.org/xsa/advisory-437.html
reference_id advisory-437.html
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:52:01Z/
url https://xenbits.xenproject.org/xsa/advisory-437.html
4
reference_url https://security.gentoo.org/glsa/202409-10
reference_id GLSA-202409-10
reference_type
scores
url https://security.gentoo.org/glsa/202409-10
5
reference_url https://xenbits.xen.org/xsa/advisory-437.html
reference_id XSA-437
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-437.html
fixed_packages
0
url pkg:apk/alpine/xen@4.17.2-r1?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/xen@4.17.2-r1?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.17.2-r1%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-34321, XSA-437
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8r4d-1tcs-13gd
1
url VCID-cgzn-pdre-1bec
vulnerability_id VCID-cgzn-pdre-1bec
summary For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34322
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18622
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34322
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34322
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://xenbits.xenproject.org/xsa/advisory-438.html
reference_id advisory-438.html
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T15:50:09Z/
url https://xenbits.xenproject.org/xsa/advisory-438.html
4
reference_url https://security.gentoo.org/glsa/202409-10
reference_id GLSA-202409-10
reference_type
scores
url https://security.gentoo.org/glsa/202409-10
5
reference_url https://xenbits.xen.org/xsa/advisory-438.html
reference_id XSA-438
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-438.html
fixed_packages
0
url pkg:apk/alpine/xen@4.17.2-r1?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/xen@4.17.2-r1?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.17.2-r1%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-34322, XSA-438
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgzn-pdre-1bec
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.17.2-r1%3Farch=s390x&distroversion=v3.21&reponame=main