Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main

Type apk

Namespace alpine

Name xen

Version 4.13.0-r1

Qualifiers

arch	x86_64
distroversion	v3.11
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.13.1-r1

Latest_non_vulnerable_version 4.13.4-r2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5mx4-ysa4-huex

vulnerability_id VCID-5mx4-ysa4-huex

summary An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11742.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11742.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11742

reference_id

reference_type

scores

value	0.00091
scoring_system	epss
scoring_elements	0.25716
published_at	2026-06-04T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25819
published_at	2026-06-05T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.2581
published_at	2026-06-06T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25763
published_at	2026-06-07T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25704
published_at	2026-06-08T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.2571
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11742

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1823942
reference_id	1823942
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1823942

reference_url	https://security.gentoo.org/glsa/202005-08
reference_id	GLSA-202005-08
reference_type
scores
url	https://security.gentoo.org/glsa/202005-08

reference_url	https://usn.ubuntu.com/5617-1/
reference_id	USN-5617-1
reference_type
scores
url	https://usn.ubuntu.com/5617-1/

reference_url	https://xenbits.xen.org/xsa/advisory-318.html
reference_id	XSA-318
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-318.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r1%3Farch=x86_64&distroversion=v3.11&reponame=main

aliases CVE-2020-11742, XSA-318

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mx4-ysa4-huex

url VCID-ck3y-pf64-3kg2

vulnerability_id VCID-ck3y-pf64-3kg2

summary An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11743.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11743.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11743

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26262
published_at	2026-06-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26366
published_at	2026-06-05T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26358
published_at	2026-06-06T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26314
published_at	2026-06-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26257
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11743

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1823925
reference_id	1823925
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1823925

reference_url	https://security.gentoo.org/glsa/202005-08
reference_id	GLSA-202005-08
reference_type
scores
url	https://security.gentoo.org/glsa/202005-08

reference_url	https://usn.ubuntu.com/5617-1/
reference_id	USN-5617-1
reference_type
scores
url	https://usn.ubuntu.com/5617-1/

reference_url	https://xenbits.xen.org/xsa/advisory-316.html
reference_id	XSA-316
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-316.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r1%3Farch=x86_64&distroversion=v3.11&reponame=main

aliases CVE-2020-11743, XSA-316

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ck3y-pf64-3kg2

url VCID-ezkf-vc4e-qugk

vulnerability_id VCID-ezkf-vc4e-qugk

summary An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11739.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11739.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11739

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.25042
published_at	2026-06-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25138
published_at	2026-06-05T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25125
published_at	2026-06-06T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25072
published_at	2026-06-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25015
published_at	2026-06-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25024
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11739

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1823783
reference_id	1823783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1823783

reference_url	https://security.gentoo.org/glsa/202005-08
reference_id	GLSA-202005-08
reference_type
scores
url	https://security.gentoo.org/glsa/202005-08

reference_url	https://usn.ubuntu.com/5617-1/
reference_id	USN-5617-1
reference_type
scores
url	https://usn.ubuntu.com/5617-1/

reference_url	https://xenbits.xen.org/xsa/advisory-314.html
reference_id	XSA-314
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-314.html

fixed_packages

url	pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main
purl	pkg:apk/alpine/xen@4.13.0-r1?arch=x86_64&distroversion=v3.11&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r1%3Farch=x86_64&distroversion=v3.11&reponame=main

aliases CVE-2020-11739, XSA-314

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezkf-vc4e-qugk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.13.0-r1%3Farch=x86_64&distroversion=v3.11&reponame=main

Package Instance