Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/398450?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "qemu", "version": "5.2.0-r0", "qualifiers": { "arch": "s390x", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "6.0.0-r1", "latest_non_vulnerable_version": "8.0.2-r1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99436?format=api", "vulnerability_id": "VCID-1ukg-j1ya-67ee", "summary": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25723.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25723.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1096", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11047", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11041", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11005", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10924", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10939", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25723" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579", "reference_id": "1898579", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975276", "reference_id": "975276", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0648", "reference_id": "RHSA-2021:0648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0771", "reference_id": "RHSA-2021:0771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1762", "reference_id": "RHSA-2021:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1762" }, { "reference_url": "https://usn.ubuntu.com/4650-1/", "reference_id": "USN-4650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-25723" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ukg-j1ya-67ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99439?format=api", "vulnerability_id": "VCID-4cru-2baj-3khp", "summary": "hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25743.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13745", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13823", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13826", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13787", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13702", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13732", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881409", "reference_id": "1881409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881409" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970940", "reference_id": "970940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970940" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-25743" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cru-2baj-3khp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99443?format=api", "vulnerability_id": "VCID-6bwp-u1rt-vqcu", "summary": "A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27821.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27821.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11118", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11206", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.112", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11166", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11086", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11099", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27821" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27821" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902651", "reference_id": "1902651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977616", "reference_id": "977616", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977616" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1762", "reference_id": "RHSA-2021:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1762" }, { "reference_url": "https://usn.ubuntu.com/4725-1/", "reference_id": "USN-4725-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4725-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-27821" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bwp-u1rt-vqcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99452?format=api", "vulnerability_id": "VCID-6wk9-6z33-hyh5", "summary": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29472", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2954", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29502", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2947", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29437", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29451", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35517" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823", "reference_id": "1915823", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980814", "reference_id": "980814", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980814" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0711", "reference_id": "RHSA-2021:0711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0743", "reference_id": "RHSA-2021:0743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0743" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-35517" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wk9-6z33-hyh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99446?format=api", "vulnerability_id": "VCID-9ut3-4mv4-a7hv", "summary": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29443.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22804", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22885", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22869", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22825", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22775", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22778", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29443" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917446", "reference_id": "1917446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983575", "reference_id": "983575", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1762", "reference_id": "RHSA-2021:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2322", "reference_id": "RHSA-2021:2322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2529", "reference_id": "RHSA-2021:2529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2529" }, { "reference_url": "https://usn.ubuntu.com/4725-1/", "reference_id": "USN-4725-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4725-1/" }, { "reference_url": "https://usn.ubuntu.com/5010-1/", "reference_id": "USN-5010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-29443" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ut3-4mv4-a7hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99431?format=api", "vulnerability_id": "VCID-ezxc-9mpu-zubg", "summary": "An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24352.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33331", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33433", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33448", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33413", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33379", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.334", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24352" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584", "reference_id": "1847584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968820", "reference_id": "968820", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968820" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-24352" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezxc-9mpu-zubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99438?format=api", "vulnerability_id": "VCID-hfhm-gx7c-ebf5", "summary": "pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25742.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13745", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13823", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13826", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13787", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13702", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13732", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25742" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883178", "reference_id": "1883178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971390", "reference_id": "971390", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-25742" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfhm-gx7c-ebf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99455?format=api", "vulnerability_id": "VCID-j8fc-1qbk-7yex", "summary": "An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0923", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09273", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09292", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09271", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09211", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09242", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922441", "reference_id": "1922441", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922441" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984452", "reference_id": "984452", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984452" }, { "reference_url": "https://security.gentoo.org/glsa/202208-27", "reference_id": "GLSA-202208-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-27" }, { "reference_url": "https://usn.ubuntu.com/5307-1/", "reference_id": "USN-5307-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5307-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2021-20203" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8fc-1qbk-7yex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99442?format=api", "vulnerability_id": "VCID-tru4-g6pk-wqb1", "summary": "A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27661.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38764", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38853", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38857", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3883", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38802", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38813", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27661" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653", "reference_id": "1890653", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972864", "reference_id": "972864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972864" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398450?format=api", "purl": "pkg:apk/alpine/qemu@5.2.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2020-27661" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tru4-g6pk-wqb1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qemu@5.2.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }