Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
Typeapk
Namespacealpine
Nameqemu
Version6.0.0-r2
Qualifiers
arch x86_64
distroversion v3.18
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.1.0-r0
Latest_non_vulnerable_version8.0.2-r1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4qxh-hn4s-3qd2
vulnerability_id VCID-4qxh-hn4s-3qd2
summary A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35505.json
reference_id
reference_type
scores
0
value 3.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35505.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35505
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23165
published_at 2026-06-04T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23246
published_at 2026-06-05T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23232
published_at 2026-06-06T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23186
published_at 2026-06-07T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.23132
published_at 2026-06-08T12:55:00Z
5
value 0.00077
scoring_system epss
scoring_elements 0.23136
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35505
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35505
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35505
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909769
reference_id 1909769
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909769
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984455
reference_id 984455
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984455
6
reference_url https://security.gentoo.org/glsa/202208-27
reference_id GLSA-202208-27
reference_type
scores
url https://security.gentoo.org/glsa/202208-27
7
reference_url https://usn.ubuntu.com/5010-1/
reference_id USN-5010-1
reference_type
scores
url https://usn.ubuntu.com/5010-1/
fixed_packages
0
url pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@6.0.0-r2%3Farch=x86_64&distroversion=v3.18&reponame=community
aliases CVE-2020-35505
risk_score 1.4
exploitability 0.5
weighted_severity 2.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qxh-hn4s-3qd2
1
url VCID-cdhb-1d2g-a7h5
vulnerability_id VCID-cdhb-1d2g-a7h5
summary A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35506.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35506.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35506
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09068
published_at 2026-06-04T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.0911
published_at 2026-06-05T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09127
published_at 2026-06-06T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09107
published_at 2026-06-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.09048
published_at 2026-06-08T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.09077
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35506
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35506
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35506
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909996
reference_id 1909996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909996
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984454
reference_id 984454
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984454
6
reference_url https://security.gentoo.org/glsa/202208-27
reference_id GLSA-202208-27
reference_type
scores
url https://security.gentoo.org/glsa/202208-27
fixed_packages
0
url pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@6.0.0-r2%3Farch=x86_64&distroversion=v3.18&reponame=community
aliases CVE-2020-35506
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdhb-1d2g-a7h5
2
url VCID-cdmt-tr7r-4kh2
vulnerability_id VCID-cdmt-tr7r-4kh2
summary A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35504.json
reference_id
reference_type
scores
0
value 3.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35504.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35504
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30135
published_at 2026-06-04T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30209
published_at 2026-06-05T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30173
published_at 2026-06-06T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.30143
published_at 2026-06-07T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30113
published_at 2026-06-08T12:55:00Z
5
value 0.00117
scoring_system epss
scoring_elements 0.30127
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35504
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35504
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35504
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909766
reference_id 1909766
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909766
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979679
reference_id 979679
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979679
6
reference_url https://security.gentoo.org/glsa/202208-27
reference_id GLSA-202208-27
reference_type
scores
url https://security.gentoo.org/glsa/202208-27
7
reference_url https://usn.ubuntu.com/5010-1/
reference_id USN-5010-1
reference_type
scores
url https://usn.ubuntu.com/5010-1/
fixed_packages
0
url pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@6.0.0-r2%3Farch=x86_64&distroversion=v3.18&reponame=community
aliases CVE-2020-35504
risk_score 1.4
exploitability 0.5
weighted_severity 2.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdmt-tr7r-4kh2
3
url VCID-e5xp-7xwy-83a9
vulnerability_id VCID-e5xp-7xwy-83a9
summary A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3527.json
reference_id
reference_type
scores
0
value 3.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3527.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3527
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09527
published_at 2026-06-04T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09568
published_at 2026-06-07T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.09588
published_at 2026-06-06T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24521
published_at 2026-06-09T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.24512
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3527
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3527
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3527
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1955695
reference_id 1955695
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1955695
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988157
reference_id 988157
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988157
6
reference_url https://security.gentoo.org/glsa/202208-27
reference_id GLSA-202208-27
reference_type
scores
url https://security.gentoo.org/glsa/202208-27
7
reference_url https://usn.ubuntu.com/5010-1/
reference_id USN-5010-1
reference_type
scores
url https://usn.ubuntu.com/5010-1/
fixed_packages
0
url pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/qemu@6.0.0-r2?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@6.0.0-r2%3Farch=x86_64&distroversion=v3.18&reponame=community
aliases CVE-2021-3527
risk_score 1.4
exploitability 0.5
weighted_severity 2.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5xp-7xwy-83a9
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@6.0.0-r2%3Farch=x86_64&distroversion=v3.18&reponame=community