{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","type":"deb","namespace":"debian","name":"virtualbox","version":"5.2.24-dfsg-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.0.6-dfsg-1","latest_non_vulnerable_version":"7.2.8-dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203341?format=json","vulnerability_id":"VCID-2rmb-xydd-ckbs","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2527","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42147","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42395","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42037","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42065","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42136","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42411","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42418","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42405","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42399","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42257","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42174","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4203","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42106","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42122","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2527"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:54Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2527","reference_id":"CVE-2019-2527","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2527"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmb-xydd-ckbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203309?format=json","vulnerability_id":"VCID-3wdm-kske-ufg6","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:10Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2504","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26349","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26299","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26227","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26325","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26595","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26641","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2647","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26538","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26587","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26548","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26431","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26363","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26308","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26176","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26243","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2504"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:10Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2504","reference_id":"CVE-2019-2504","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2504"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2504"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3wdm-kske-ufg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203333?format=json","vulnerability_id":"VCID-5ae9-et5p-9yat","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:17Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2522","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2522"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:17Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:17Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2522","reference_id":"CVE-2019-2522","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2522"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2522"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ae9-et5p-9yat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203311?format=json","vulnerability_id":"VCID-5dnb-z566-67by","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2505","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26882","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26755","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26857","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27083","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26978","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26925","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26714","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26782","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26831","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2505"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:09Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:09Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2505","reference_id":"CVE-2019-2505","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2505"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2505"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dnb-z566-67by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203365?format=json","vulnerability_id":"VCID-5q9d-47a4-9uah","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:28Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2553","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26882","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26755","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26857","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27083","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26978","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26925","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26714","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26782","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26831","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2553"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:28Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:28Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2553","reference_id":"CVE-2019-2553","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2553"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q9d-47a4-9uah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203336?format=json","vulnerability_id":"VCID-5xv9-gayz-jbdb","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2524","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2524"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:14Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:14Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2524","reference_id":"CVE-2019-2524","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2524"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2524"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xv9-gayz-jbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203244?format=json","vulnerability_id":"VCID-625m-j3ya-dua2","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2450","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29886","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29961","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30309","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29856","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29936","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2450"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:38Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2450","reference_id":"CVE-2019-2450","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2450"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2450"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-625m-j3ya-dua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203331?format=json","vulnerability_id":"VCID-6v66-95ez-u7ev","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2521","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2521"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:18Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:18Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2521","reference_id":"CVE-2019-2521","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v66-95ez-u7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203307?format=json","vulnerability_id":"VCID-7kps-avn8-ubaj","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2500","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2500"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:21Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:21Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2500","reference_id":"CVE-2019-2500","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2500"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2500"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kps-avn8-ubaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203335?format=json","vulnerability_id":"VCID-98ty-spyd-tka6","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:15Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2523","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2523"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:15Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:15Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2523","reference_id":"CVE-2019-2523","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98ty-spyd-tka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203242?format=json","vulnerability_id":"VCID-9dsa-x4gg-kbg1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2448","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36246","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36156","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36227","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36645","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36671","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36638","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36578","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36324","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36237","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3619","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36218","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2448"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:40Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2448","reference_id":"CVE-2019-2448","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dsa-x4gg-kbg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203338?format=json","vulnerability_id":"VCID-9mq9-4pj2-3ygp","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2525","reference_id":"","reference_type":"","scores":[{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93517","published_at":"2026-05-15T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93492","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93498","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93414","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93451","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93456","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93462","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93468","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11022","scoring_system":"epss","scoring_elements":"0.93481","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2525"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:55Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2525","reference_id":"CVE-2019-2525","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2525"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2525"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mq9-4pj2-3ygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203358?format=json","vulnerability_id":"VCID-au36-g2mp-gke6","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:10Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2548","reference_id":"","reference_type":"","scores":[{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88341","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88291","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88304","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88333","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88164","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.8818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88186","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88215","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88228","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88227","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88245","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.8825","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88253","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88265","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88281","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0386","scoring_system":"epss","scoring_elements":"0.88293","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2548"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:10Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2548","reference_id":"CVE-2019-2548","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2548"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2548"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au36-g2mp-gke6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203317?format=json","vulnerability_id":"VCID-bq98-t2fh-8ud5","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2509","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37923","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37859","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37835","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37911","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38262","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38421","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38335","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38347","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38103","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3808","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37986","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37868","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37936","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2509"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:02Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2509","reference_id":"CVE-2019-2509","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2509"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq98-t2fh-8ud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203313?format=json","vulnerability_id":"VCID-bqur-e23f-aydg","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2506","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29646","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29611","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29557","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29637","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30075","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30035","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30071","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29996","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29976","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29855","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29679","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29535","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29598","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2506"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:06Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:06Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2506","reference_id":"CVE-2019-2506","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2506"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqur-e23f-aydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203308?format=json","vulnerability_id":"VCID-dkdd-7m85-kuc7","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2501","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26882","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26755","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26857","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27083","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26978","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26925","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26714","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26782","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26831","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2501"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:14Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:14Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2501","reference_id":"CVE-2019-2501","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2501"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkdd-7m85-kuc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203368?format=json","vulnerability_id":"VCID-f847-mc3r-mke3","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2555","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29886","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29961","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30309","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29856","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29936","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2555"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:26Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2555","reference_id":"CVE-2019-2555","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2555"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2555"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f847-mc3r-mke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203240?format=json","vulnerability_id":"VCID-ffa4-1vba-zbbc","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2446","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36246","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36156","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36227","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36645","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36671","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36638","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36578","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36324","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36237","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3619","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36218","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2446"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:43Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2446","reference_id":"CVE-2019-2446","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2446"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffa4-1vba-zbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203339?format=json","vulnerability_id":"VCID-g2r7-1vm7-a7h2","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:13Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2526","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2526"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:13Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:13Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2526","reference_id":"CVE-2019-2526","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2526"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2526"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2r7-1vm7-a7h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203369?format=json","vulnerability_id":"VCID-gm8u-k7vg-fbes","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2556","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26835","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26711","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26729","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2681","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2711","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26979","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27052","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27004","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26942","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26886","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2682","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2667","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26787","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2556"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:25Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2556","reference_id":"CVE-2019-2556","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2556"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm8u-k7vg-fbes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203367?format=json","vulnerability_id":"VCID-j5x9-e1ds-wfb9","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2554","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29886","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29961","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30309","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29856","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29936","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2554"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2554","reference_id":"CVE-2019-2554","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2554"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2554"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5x9-e1ds-wfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203330?format=json","vulnerability_id":"VCID-ncnb-yj3d-zqd1","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:19Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2520","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2520"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:19Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:19Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2520","reference_id":"CVE-2019-2520","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncnb-yj3d-zqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203364?format=json","vulnerability_id":"VCID-nygk-v118-wfa9","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2552","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33159","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33027","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33366","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33116","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2552"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:09Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:56:09Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2552","reference_id":"CVE-2019-2552","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2552"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nygk-v118-wfa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203245?format=json","vulnerability_id":"VCID-quny-rmp6-pygd","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2451","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29865","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29886","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29961","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30347","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30309","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29856","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29936","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2451"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:37Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2451","reference_id":"CVE-2019-2451","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quny-rmp6-pygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203315?format=json","vulnerability_id":"VCID-vmc1-vb8g-yqcy","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2508","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37923","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37859","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37835","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37911","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38262","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38421","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38335","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38347","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38103","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3808","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37986","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37868","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37936","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2508"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106568","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:02:04Z/"}],"url":"http://www.securityfocus.com/bid/106568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2508","reference_id":"CVE-2019-2508","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2508"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmc1-vb8g-yqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203319?format=json","vulnerability_id":"VCID-x35w-ge5m-rbar","summary":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2511","reference_id":"","reference_type":"","scores":[{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8147","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81409","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81467","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81218","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81249","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81277","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81282","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81303","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81289","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81281","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81319","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81321","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8132","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81343","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8135","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81355","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81371","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81391","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.81413","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-2511"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.securityfocus.com/bid/106574","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:53:29Z/"}],"url":"http://www.securityfocus.com/bid/106574"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2511","reference_id":"CVE-2019-2511","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-2511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942218?format=json","purl":"pkg:deb/debian/virtualbox@5.2.24-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2019-2511"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x35w-ge5m-rbar"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@5.2.24-dfsg-1%3Fdistro=sid"}