[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-3456":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":84,"duplicate_of":9,"upstream":85,"downstream":86,"duplicates":139,"related":140,"reserved_at":9,"published_at":149,"modified_at":150,"state":151,"summary":152,"references_raw":160,"kevs":369,"epss":370,"epss_history":373,"metrics":621,"affected":626},"CVE-2015-3456","The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":77,"platforms":78,"requires_auth":9,"exploitdb":80,"metasploit":9},"37053","QEMU - Floppy Disk Controller (FDC) (PoC)","exploit-database","https://www.exploit-db.com/exploits/37053","poc",0.5,false,"dos",[79],"multiple",{"verified":76,"type":77,"platform":79,"file":81,"codes":82},"exploits/multiple/dos/37053.c",[7,83],"OSVDB-122072",[],[],[87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137],{"_key":88},"RHSA-2015:0998",{"_key":90},"RHSA-2015:0999",{"_key":92},"RHSA-2015:1000",{"_key":94},"RHSA-2015:1001",{"_key":96},"RHSA-2015:1002",{"_key":98},"RHSA-2015:1003",{"_key":100},"RHSA-2015:1004",{"_key":102},"RHSA-2015:1011",{"_key":104},"RHSA-2015:1031",{"_key":106},"OPENSUSE-SU-2024:10196-1",{"_key":108},"SUSE-SU-2015:0896-1",{"_key":110},"SUSE-SU-2015:0923-1",{"_key":112},"USN-2608-1",{"_key":114},"OPENSUSE-SU-2024:10020-1",{"_key":116},"OPENSUSE-SU-2024:10233-1",{"_key":118},"DLA-248-1",{"_key":120},"DLA-249-1",{"_key":122},"DLA-268-1",{"_key":124},"DSA-3259-1",{"_key":126},"DSA-3262-1",{"_key":128},"DSA-3274-1",{"_key":130},"MGASA-2015-0220",{"_key":132},"MGASA-2015-0228",{"_key":134},"MGASA-2016-0098",{"_key":136},"UBUNTU-CVE-2015-3456",{"_key":138},"DEBIAN-CVE-2015-3456",[],[141,142,143,144,145,146,147,148],{"_key":106},{"_key":108},{"_key":110},{"_key":114},{"_key":116},{"_key":130},{"_key":132},{"_key":134},"2015-05-13T18:00:00.000Z","2024-08-06T05:47:57.892Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":153,"epss_score":154,"severity":155,"severity_score":156,"severity_version":157,"severity_source":158,"severity_vector":159,"severity_status":151},"medium",0.19325,"high",7.7,"v2.0","nvd","AV:A/AC:L/Au:S/C:C/I:C/A:C",[161,168,174,179,185,189,194,198,202,207,212,216,220,224,229,233,237,241,245,249,253,257,261,265,270,274,278,283,287,291,295,299,303,307,312,316,320,324,328,332,336,340,344,349,353,357,361,365],{"url":162,"sources":163,"tags":165},"https://www.exploit-db.com/exploits/37053/",[164,158],"cve.org",[166,167],"Exploit","X Refsource EXPLOIT DB",{"url":169,"sources":170,"tags":171},"http://www.securitytracker.com/id/1032306",[164,158],[172,173],"VDB Entry","X Refsource SECTRACK",{"url":175,"sources":176,"tags":177},"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",[164,158],[178],"X Refsource CONFIRM",{"url":180,"sources":181,"tags":182},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html",[164,158],[183,184],"Vendor Advisory","X Refsource SUSE",{"url":186,"sources":187,"tags":188},"https://kb.juniper.net/JSA10783",[164,158],[178],{"url":190,"sources":191,"tags":192},"http://www.debian.org/security/2015/dsa-3259",[164,158],[183,193],"X Refsource DEBIAN",{"url":195,"sources":196,"tags":197},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html",[164,158],[183,184],{"url":199,"sources":200,"tags":201},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html",[164,158],[183,184],{"url":203,"sources":204,"tags":205},"https://security.gentoo.org/glsa/201612-27",[164,158],[183,206],"X Refsource GENTOO",{"url":208,"sources":209,"tags":210},"http://rhn.redhat.com/errata/RHSA-2015-0999.html",[164,158],[183,211],"X Refsource REDHAT",{"url":213,"sources":214,"tags":215},"https://kc.mcafee.com/corporate/index?page=content&id=SB10118",[164,158],[178],{"url":217,"sources":218,"tags":219},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html",[164,158],[183,184],{"url":221,"sources":222,"tags":223},"http://rhn.redhat.com/errata/RHSA-2015-1001.html",[164,158],[183,211],{"url":225,"sources":226,"tags":227},"http://marc.info/?l=bugtraq&m=143229451215900&w=2",[164,158],[183,228],"X Refsource HP",{"url":230,"sources":231,"tags":232},"http://support.citrix.com/article/CTX201078",[164,158],[178],{"url":234,"sources":235,"tags":236},"http://xenbits.xen.org/xsa/advisory-133.html",[164,158],[178],{"url":238,"sources":239,"tags":240},"http://rhn.redhat.com/errata/RHSA-2015-1003.html",[164,158],[183,211],{"url":242,"sources":243,"tags":244},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html",[164,158],[183,184],{"url":246,"sources":247,"tags":248},"http://www.securitytracker.com/id/1032917",[164,158],[172,173],{"url":250,"sources":251,"tags":252},"http://marc.info/?l=bugtraq&m=143387998230996&w=2",[164,158],[183,228],{"url":254,"sources":255,"tags":256},"http://rhn.redhat.com/errata/RHSA-2015-0998.html",[164,158],[183,211],{"url":258,"sources":259,"tags":260},"https://www.suse.com/security/cve/CVE-2015-3456.html",[164,158],[178],{"url":262,"sources":263,"tags":264},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html",[164,158],[183,184],{"url":266,"sources":267,"tags":268},"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html",[164,158],[183,269],"X Refsource FEDORA",{"url":271,"sources":272,"tags":273},"https://bto.bluecoat.com/security-advisory/sa95",[164,158],[178],{"url":275,"sources":276,"tags":277},"http://rhn.redhat.com/errata/RHSA-2015-1004.html",[164,158],[183,211],{"url":279,"sources":280,"tags":281},"http://venom.crowdstrike.com/",[164,158],[282],"X Refsource MISC",{"url":284,"sources":285,"tags":286},"http://rhn.redhat.com/errata/RHSA-2015-1011.html",[164,158],[183,211],{"url":288,"sources":289,"tags":290},"https://support.lenovo.com/us/en/product_security/venom",[164,158],[178],{"url":292,"sources":293,"tags":294},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html",[164,158],[183,184],{"url":296,"sources":297,"tags":298},"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c",[164,158],[178],{"url":300,"sources":301,"tags":302},"https://security.gentoo.org/glsa/201604-03",[164,158],[183,206],{"url":304,"sources":305,"tags":306},"http://rhn.redhat.com/errata/RHSA-2015-1002.html",[164,158],[183,211],{"url":308,"sources":309,"tags":310},"http://www.ubuntu.com/usn/USN-2608-1",[164,158],[183,311],"X Refsource UBUNTU",{"url":313,"sources":314,"tags":315},"https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/",[164,158],[178],{"url":317,"sources":318,"tags":319},"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html",[164,158],[183,184],{"url":321,"sources":322,"tags":323},"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693",[164,158],[178],{"url":325,"sources":326,"tags":327},"http://www.securitytracker.com/id/1032311",[164,158],[172,173],{"url":329,"sources":330,"tags":331},"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm",[164,158],[178],{"url":333,"sources":334,"tags":335},"http://www.debian.org/security/2015/dsa-3262",[164,158],[183,193],{"url":337,"sources":338,"tags":339},"https://security.gentoo.org/glsa/201602-01",[164,158],[183,206],{"url":341,"sources":342,"tags":343},"http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html",[164,158],[183,184],{"url":345,"sources":346,"tags":347},"http://www.securityfocus.com/bid/74640",[164,158],[172,348],"X Refsource BID",{"url":350,"sources":351,"tags":352},"http://www.debian.org/security/2015/dsa-3274",[164,158],[183,193],{"url":354,"sources":355,"tags":356},"http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability",[164,158],[178],{"url":358,"sources":359,"tags":360},"https://access.redhat.com/articles/1444903",[164,158],[178],{"url":362,"sources":363,"tags":364},"http://rhn.redhat.com/errata/RHSA-2015-1000.html",[164,158],[183,211],{"url":366,"sources":367,"tags":368},"https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10",[164,158],[282],[],{"date":371,"score":154,"percentile":372},"2026-06-04",0.95492,[374,378,380,383,386,389,392,394,396,399,402,405,407,410,412,415,418,421,424,427,429,432,435,438,441,444,447,451,454,457,460,463,466,468,471,473,476,479,482,485,487,491,494,497,500,502,505,508,510,512,515,518,521,524,527,529,531,533,536,539,541,544,547,549,551,553,556,559,562,565,567,570,573,576,579,582,585,587,589,591,594,597,600,602,605,608,611,614,616,618],{"date":375,"score":376,"percentile":377},"2025-11-04",0.28772,0.96319,{"date":379,"score":376,"percentile":377},"2025-11-05",{"date":381,"score":376,"percentile":382},"2025-11-06",0.96321,{"date":384,"score":376,"percentile":385},"2025-11-07",0.96323,{"date":387,"score":376,"percentile":388},"2025-11-08",0.96325,{"date":390,"score":376,"percentile":391},"2025-11-09",0.96324,{"date":393,"score":376,"percentile":385},"2025-11-10",{"date":395,"score":376,"percentile":391},"2025-11-11",{"date":397,"score":376,"percentile":398},"2025-11-12",0.96326,{"date":400,"score":376,"percentile":401},"2025-11-13",0.96328,{"date":403,"score":376,"percentile":404},"2025-11-14",0.9633,{"date":406,"score":376,"percentile":404},"2025-11-15",{"date":408,"score":376,"percentile":409},"2025-11-16",0.96329,{"date":411,"score":376,"percentile":409},"2025-11-17",{"date":413,"score":376,"percentile":414},"2025-11-18",0.96262,{"date":416,"score":376,"percentile":417},"2025-11-19",0.96263,{"date":419,"score":376,"percentile":420},"2025-11-20",0.96264,{"date":422,"score":376,"percentile":423},"2025-11-21",0.9634,{"date":425,"score":376,"percentile":426},"2025-11-22",0.96341,{"date":428,"score":376,"percentile":423},"2025-11-23",{"date":430,"score":376,"percentile":431},"2025-11-24",0.96344,{"date":433,"score":376,"percentile":434},"2025-11-25",0.96345,{"date":436,"score":376,"percentile":437},"2025-11-26",0.96347,{"date":439,"score":376,"percentile":440},"2025-11-27",0.96348,{"date":442,"score":376,"percentile":443},"2025-11-28",0.96346,{"date":445,"score":376,"percentile":446},"2025-11-29",0.96349,{"date":448,"score":449,"percentile":450},"2025-11-30",0.30185,0.96481,{"date":452,"score":449,"percentile":453},"2025-12-01",0.96512,{"date":455,"score":449,"percentile":456},"2025-12-02",0.96511,{"date":458,"score":449,"percentile":459},"2025-12-03",0.96514,{"date":461,"score":449,"percentile":462},"2025-12-04",0.96483,{"date":464,"score":449,"percentile":465},"2025-12-05",0.96486,{"date":467,"score":449,"percentile":465},"2025-12-06",{"date":469,"score":449,"percentile":470},"2025-12-07",0.96485,{"date":472,"score":449,"percentile":470},"2025-12-08",{"date":474,"score":449,"percentile":475},"2025-12-09",0.96487,{"date":477,"score":449,"percentile":478},"2025-12-10",0.96491,{"date":480,"score":449,"percentile":481},"2025-12-11",0.96494,{"date":483,"score":449,"percentile":484},"2025-12-12",0.96495,{"date":486,"score":449,"percentile":481},"2025-12-13",{"date":488,"score":489,"percentile":490},"2025-12-14",0.36084,0.96927,{"date":492,"score":489,"percentile":493},"2025-12-15",0.9693,{"date":495,"score":489,"percentile":496},"2025-12-16",0.96934,{"date":498,"score":489,"percentile":499},"2025-12-17",0.96937,{"date":501,"score":489,"percentile":499},"2025-12-18",{"date":503,"score":489,"percentile":504},"2025-12-19",0.96938,{"date":506,"score":489,"percentile":507},"2025-12-20",0.9694,{"date":509,"score":489,"percentile":507},"2025-12-21",{"date":511,"score":489,"percentile":507},"2025-12-22",{"date":513,"score":489,"percentile":514},"2025-12-23",0.96941,{"date":516,"score":489,"percentile":517},"2025-12-24",0.96943,{"date":519,"score":489,"percentile":520},"2025-12-25",0.96948,{"date":522,"score":489,"percentile":523},"2025-12-26",0.96947,{"date":525,"score":489,"percentile":526},"2025-12-27",0.96973,{"date":528,"score":489,"percentile":523},"2025-12-28",{"date":530,"score":489,"percentile":523},"2025-12-29",{"date":532,"score":489,"percentile":520},"2025-12-30",{"date":534,"score":489,"percentile":535},"2025-12-31",0.96953,{"date":537,"score":489,"percentile":538},"2026-01-01",0.96981,{"date":540,"score":489,"percentile":538},"2026-01-02",{"date":542,"score":489,"percentile":543},"2026-01-03",0.9698,{"date":545,"score":489,"percentile":546},"2026-01-04",0.96952,{"date":548,"score":489,"percentile":535},"2026-01-05",{"date":550,"score":489,"percentile":535},"2026-01-06",{"date":552,"score":489,"percentile":535},"2026-01-07",{"date":554,"score":489,"percentile":555},"2026-01-08",0.96954,{"date":557,"score":489,"percentile":558},"2026-01-09",0.96956,{"date":560,"score":489,"percentile":561},"2026-01-10",0.96957,{"date":563,"score":489,"percentile":564},"2026-01-11",0.96958,{"date":566,"score":489,"percentile":564},"2026-01-12",{"date":568,"score":489,"percentile":569},"2026-01-13",0.96959,{"date":571,"score":489,"percentile":572},"2026-01-14",0.96961,{"date":574,"score":489,"percentile":575},"2026-01-15",0.96962,{"date":577,"score":489,"percentile":578},"2026-01-16",0.96966,{"date":580,"score":489,"percentile":581},"2026-01-17",0.96968,{"date":583,"score":489,"percentile":584},"2026-01-18",0.96967,{"date":586,"score":489,"percentile":578},"2026-01-19",{"date":588,"score":489,"percentile":581},"2026-01-20",{"date":590,"score":489,"percentile":581},"2026-01-21",{"date":592,"score":489,"percentile":593},"2026-01-22",0.9697,{"date":595,"score":489,"percentile":596},"2026-01-23",0.96974,{"date":598,"score":489,"percentile":599},"2026-01-24",0.96975,{"date":601,"score":489,"percentile":599},"2026-01-25",{"date":603,"score":489,"percentile":604},"2026-01-26",0.96977,{"date":606,"score":489,"percentile":607},"2026-01-27",0.96976,{"date":609,"score":489,"percentile":610},"2026-01-28",0.96978,{"date":612,"score":489,"percentile":613},"2026-01-29",0.96979,{"date":615,"score":489,"percentile":613},"2026-01-30",{"date":617,"score":489,"percentile":613},"2026-01-31",{"date":619,"score":489,"percentile":620},"2026-02-01",0.97004,[622],{"source":158,"cvss_v2_0":623,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":156,"baseSeverity":9,"vectorString":159,"impactScore":624,"exploitabilityScore":625},10,5.1,[627,637,649,655,664],{"ecosystem":9,"name":628,"vendor":628,"product":628,"cpe_part":629,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":630},"qemu","a",[631],{"version":632,"is_range":633,"range_type":634,"version_start":9,"version_start_type":9,"version_end":635,"version_end_type":636,"fixed_in":9},"lte2.3.0",true,"cpe","2.3.0","including",{"ecosystem":9,"name":638,"vendor":639,"product":640,"cpe_part":641,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":642},"enterprise linux","redhat","enterprise_linux","o",[643,645,647],{"version":644,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5",{"version":646,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":648,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"ecosystem":9,"name":650,"vendor":639,"product":651,"cpe_part":629,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":652},"enterprise virtualization","enterprise_virtualization",[653],{"version":654,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0",{"ecosystem":9,"name":656,"vendor":639,"product":656,"cpe_part":629,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":657},"openstack",[658,660,662,663],{"version":659,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0",{"version":661,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.0",{"version":646,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":648,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":665,"vendor":665,"product":665,"cpe_part":641,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":666},"xen",[667],{"version":668,"is_range":76,"range_type":634,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.5.0"]