Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/xen@4.18.0-r4?arch=riscv64&distroversion=edge&reponame=main
Type apk
Namespace alpine
Name xen
Version 4.18.0-r4
Qualifiers
arch riscv64
distroversion edge
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.18.0-r5
Latest_non_vulnerable_version 4.21.1-r6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ma7k-xrxw-vubd
vulnerability_id VCID-ma7k-xrxw-vubd
summary Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this is Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so-called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exception, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46841
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26013
published_at 2026-06-09T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26115
published_at 2026-06-05T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.2611
published_at 2026-06-06T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.26063
published_at 2026-06-07T12:55:00Z
4
value 0.00093
scoring_system epss
scoring_elements 0.26007
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46841
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46841
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://xenbits.xenproject.org/xsa/advisory-451.html
reference_id advisory-451.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T16:09:38Z/
url https://xenbits.xenproject.org/xsa/advisory-451.html
4
reference_url https://security.gentoo.org/glsa/202409-10
reference_id GLSA-202409-10
reference_type
scores
url https://security.gentoo.org/glsa/202409-10
5
reference_url https://xenbits.xen.org/xsa/advisory-451.html
reference_id XSA-451
reference_type
scores
url https://xenbits.xen.org/xsa/advisory-451.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
reference_id ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T16:09:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
fixed_packages
0
url pkg:apk/alpine/xen@4.18.0-r4?arch=riscv64&distroversion=edge&reponame=main
purl pkg:apk/alpine/xen@4.18.0-r4?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.18.0-r4%3Farch=riscv64&distroversion=edge&reponame=main
aliases CVE-2023-46841, XSA-451
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma7k-xrxw-vubd
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.18.0-r4%3Farch=riscv64&distroversion=edge&reponame=main