{"url":"http://public2.vulnerablecode.io/api/packages/472333?format=json","purl":"pkg:apk/alpine/xen@4.7.0-r0?arch=armv7&distroversion=v3.9&reponame=main","type":"apk","namespace":"alpine","name":"xen","version":"4.7.0-r0","qualifiers":{"arch":"armv7","distroversion":"v3.9","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.7.0-r1","latest_non_vulnerable_version":"4.11.4-r2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106276?format=json","vulnerability_id":"VCID-jy6c-r1gu-tyhs","summary":"Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6259.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6259","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50279","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5034","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50348","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50301","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5032","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1355983","reference_id":"1355983","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1355983"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-183.html","reference_id":"XSA-183","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-183.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/472333?format=json","purl":"pkg:apk/alpine/xen@4.7.0-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.0-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2016-6259","XSA-183"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy6c-r1gu-tyhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99219?format=json","vulnerability_id":"VCID-v5yc-med9-ufd8","summary":"The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5403.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5403","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17593","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17672","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17666","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17633","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17553","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1757","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5403"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358359","reference_id":"1358359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358359"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832619","reference_id":"832619","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1585","reference_id":"RHSA-2016:1585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1586","reference_id":"RHSA-2016:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1606","reference_id":"RHSA-2016:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1607","reference_id":"RHSA-2016:1607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1607"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1652","reference_id":"RHSA-2016:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1653","reference_id":"RHSA-2016:1653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1654","reference_id":"RHSA-2016:1654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1655","reference_id":"RHSA-2016:1655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1756","reference_id":"RHSA-2016:1756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1763","reference_id":"RHSA-2016:1763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1943","reference_id":"RHSA-2016:1943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1943"},{"reference_url":"https://usn.ubuntu.com/3047-1/","reference_id":"USN-3047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3047-1/"},{"reference_url":"https://usn.ubuntu.com/3125-1/","reference_id":"USN-3125-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3125-1/"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-184.html","reference_id":"XSA-184","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-184.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/472333?format=json","purl":"pkg:apk/alpine/xen@4.7.0-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.0-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2016-5403","XSA-184"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5yc-med9-ufd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106275?format=json","vulnerability_id":"VCID-x5vr-w5xb-r7dr","summary":"The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6258.json","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6258.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6258","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29333","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29402","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29367","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29332","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29298","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29312","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6258"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1355987","reference_id":"1355987","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1355987"},{"reference_url":"https://security.gentoo.org/glsa/201611-09","reference_id":"GLSA-201611-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-09"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-182.html","reference_id":"XSA-182","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-182.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/472333?format=json","purl":"pkg:apk/alpine/xen@4.7.0-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.0-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}],"aliases":["CVE-2016-6258","XSA-182"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5vr-w5xb-r7dr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.7.0-r0%3Farch=armv7&distroversion=v3.9&reponame=main"}