Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.7.1-r5?arch=ppc64le&distroversion=edge&reponame=main

Type apk

Namespace alpine

Name xen

Version 4.7.1-r5

Qualifiers

arch	ppc64le
distroversion	edge
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.7.2-r0

Latest_non_vulnerable_version 4.21.1-r4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-bk24-wqs5-5fcv

vulnerability_id VCID-bk24-wqs5-5fcv

summary Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2615.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2615.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2615

reference_id

reference_type

scores

value	0.0101
scoring_system	epss
scoring_elements	0.77447
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:A/AC:M/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418200
reference_id	1418200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418200

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731
reference_id	854731
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731

reference_url	https://security.gentoo.org/glsa/201702-27
reference_id	GLSA-201702-27
reference_type
scores
url	https://security.gentoo.org/glsa/201702-27

reference_url	https://security.gentoo.org/glsa/201702-28
reference_id	GLSA-201702-28
reference_type
scores
url	https://security.gentoo.org/glsa/201702-28

reference_url	https://access.redhat.com/errata/RHSA-2017:0309
reference_id	RHSA-2017:0309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0309

reference_url	https://access.redhat.com/errata/RHSA-2017:0328
reference_id	RHSA-2017:0328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0328

reference_url	https://access.redhat.com/errata/RHSA-2017:0329
reference_id	RHSA-2017:0329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0329

reference_url	https://access.redhat.com/errata/RHSA-2017:0330
reference_id	RHSA-2017:0330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0330

reference_url	https://access.redhat.com/errata/RHSA-2017:0331
reference_id	RHSA-2017:0331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0331

reference_url	https://access.redhat.com/errata/RHSA-2017:0332
reference_id	RHSA-2017:0332
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0332

reference_url	https://access.redhat.com/errata/RHSA-2017:0333
reference_id	RHSA-2017:0333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0333

reference_url	https://access.redhat.com/errata/RHSA-2017:0334
reference_id	RHSA-2017:0334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0334

reference_url	https://access.redhat.com/errata/RHSA-2017:0344
reference_id	RHSA-2017:0344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0344

reference_url	https://access.redhat.com/errata/RHSA-2017:0350
reference_id	RHSA-2017:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0350

reference_url	https://access.redhat.com/errata/RHSA-2017:0396
reference_id	RHSA-2017:0396
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0396

reference_url	https://access.redhat.com/errata/RHSA-2017:0454
reference_id	RHSA-2017:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0454

reference_url	https://usn.ubuntu.com/3261-1/
reference_id	USN-3261-1
reference_type
scores
url	https://usn.ubuntu.com/3261-1/

reference_url	https://xenbits.xen.org/xsa/advisory-208.html
reference_id	XSA-208
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-208.html

fixed_packages

url	pkg:apk/alpine/xen@4.7.1-r5?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/xen@4.7.1-r5?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.1-r5%3Farch=ppc64le&distroversion=edge&reponame=main

aliases CVE-2017-2615, XSA-208

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk24-wqs5-5fcv

url VCID-ur84-4qah-6ued

vulnerability_id VCID-ur84-4qah-6ued

summary Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2620.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2620.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2620

reference_id

reference_type

scores

value	0.0241
scoring_system	epss
scoring_elements	0.85375
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:A/AC:M/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1420484
reference_id	1420484
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1420484

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855791
reference_id	855791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855791

reference_url	https://security.gentoo.org/glsa/201703-07
reference_id	GLSA-201703-07
reference_type
scores
url	https://security.gentoo.org/glsa/201703-07

reference_url	https://security.gentoo.org/glsa/201704-01
reference_id	GLSA-201704-01
reference_type
scores
url	https://security.gentoo.org/glsa/201704-01

reference_url	https://access.redhat.com/errata/RHSA-2017:0328
reference_id	RHSA-2017:0328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0328

reference_url	https://access.redhat.com/errata/RHSA-2017:0329
reference_id	RHSA-2017:0329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0329

reference_url	https://access.redhat.com/errata/RHSA-2017:0330
reference_id	RHSA-2017:0330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0330

reference_url	https://access.redhat.com/errata/RHSA-2017:0331
reference_id	RHSA-2017:0331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0331

reference_url	https://access.redhat.com/errata/RHSA-2017:0332
reference_id	RHSA-2017:0332
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0332

reference_url	https://access.redhat.com/errata/RHSA-2017:0333
reference_id	RHSA-2017:0333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0333

reference_url	https://access.redhat.com/errata/RHSA-2017:0334
reference_id	RHSA-2017:0334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0334

reference_url	https://access.redhat.com/errata/RHSA-2017:0350
reference_id	RHSA-2017:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0350

reference_url	https://access.redhat.com/errata/RHSA-2017:0351
reference_id	RHSA-2017:0351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0351

reference_url	https://access.redhat.com/errata/RHSA-2017:0352
reference_id	RHSA-2017:0352
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0352

reference_url	https://access.redhat.com/errata/RHSA-2017:0396
reference_id	RHSA-2017:0396
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0396

reference_url	https://access.redhat.com/errata/RHSA-2017:0454
reference_id	RHSA-2017:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0454

reference_url	https://usn.ubuntu.com/3261-1/
reference_id	USN-3261-1
reference_type
scores
url	https://usn.ubuntu.com/3261-1/

reference_url	https://xenbits.xen.org/xsa/advisory-209.html
reference_id	XSA-209
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-209.html

fixed_packages

url	pkg:apk/alpine/xen@4.7.1-r5?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/xen@4.7.1-r5?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.1-r5%3Farch=ppc64le&distroversion=edge&reponame=main

aliases CVE-2017-2620, XSA-209

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ur84-4qah-6ued

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.1-r5%3Farch=ppc64le&distroversion=edge&reponame=main

Package Instance