Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.15.2-r1?arch=x86&distroversion=v3.15&reponame=main

Type apk

Namespace alpine

Name xen

Version 4.15.2-r1

Qualifiers

arch	x86
distroversion	v3.15
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.15.2-r2

Latest_non_vulnerable_version 4.15.5-r3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-khun-8je2-b3ex

vulnerability_id VCID-khun-8je2-b3ex

summary x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26362

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.15179
published_at	2026-06-06T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1508
published_at	2026-06-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.15189
published_at	2026-06-05T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.15105
published_at	2026-06-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1514
published_at	2026-06-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.15055
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014414
reference_id	1014414
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014414

reference_url	https://security.gentoo.org/glsa/202208-23
reference_id	GLSA-202208-23
reference_type
scores
url	https://security.gentoo.org/glsa/202208-23

reference_url	https://xenbits.xen.org/xsa/advisory-401.html
reference_id	XSA-401
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-401.html

fixed_packages

url	pkg:apk/alpine/xen@4.15.2-r1?arch=x86&distroversion=v3.15&reponame=main
purl	pkg:apk/alpine/xen@4.15.2-r1?arch=x86&distroversion=v3.15&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.15.2-r1%3Farch=x86&distroversion=v3.15&reponame=main

aliases CVE-2022-26362, XSA-401

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khun-8je2-b3ex

url VCID-mpp8-g7f6-jfas

vulnerability_id VCID-mpp8-g7f6-jfas

summary x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26364

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.28712
published_at	2026-06-06T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28652
published_at	2026-06-09T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28747
published_at	2026-06-05T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28675
published_at	2026-06-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28677
published_at	2026-06-07T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28643
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014414
reference_id	1014414
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014414

reference_url	https://security.gentoo.org/glsa/202208-23
reference_id	GLSA-202208-23
reference_type
scores
url	https://security.gentoo.org/glsa/202208-23

reference_url	https://xenbits.xen.org/xsa/advisory-402.html
reference_id	XSA-402
reference_type
scores
url	https://xenbits.xen.org/xsa/advisory-402.html

fixed_packages

url	pkg:apk/alpine/xen@4.15.2-r1?arch=x86&distroversion=v3.15&reponame=main
purl	pkg:apk/alpine/xen@4.15.2-r1?arch=x86&distroversion=v3.15&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.15.2-r1%3Farch=x86&distroversion=v3.15&reponame=main

aliases CVE-2022-26364, XSA-402

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpp8-g7f6-jfas

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.15.2-r1%3Farch=x86&distroversion=v3.15&reponame=main

Package Instance