[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-20815":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":126,"related":127,"reserved_at":9,"published_at":142,"modified_at":143,"state":144,"summary":145,"references_raw":154,"kevs":211,"epss":212,"epss_history":215,"metrics":477,"affected":486},"CVE-2018-20815","In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124],{"_key":73},"SUSE-SU-2019:1268-1",{"_key":75},"RHSA-2019:1667",{"_key":77},"RHSA-2019:1723",{"_key":79},"RHSA-2019:1743",{"_key":81},"RHSA-2019:1881",{"_key":83},"RHSA-2019:1968",{"_key":85},"RHSA-2019:2507",{"_key":87},"OPENSUSE-SU-2024:11287-1",{"_key":89},"SUSE-SU-2019:1238-1",{"_key":91},"SUSE-SU-2019:1239-1",{"_key":93},"SUSE-SU-2019:1269-1",{"_key":95},"SUSE-SU-2019:1272-1",{"_key":97},"SUSE-SU-2019:1348-1",{"_key":99},"SUSE-SU-2019:1349-1",{"_key":101},"SUSE-SU-2019:1371-1",{"_key":103},"SUSE-SU-2019:14052-1",{"_key":105},"SUSE-SU-2019:14053-1",{"_key":107},"SUSE-SU-2019:14063-1",{"_key":109},"SUSE-SU-2019:14201-1",{"_key":111},"UBUNTU-CVE-2018-20815",{"_key":113},"OPENSUSE-SU-2019:1405-1",{"_key":115},"DLA-1781-1",{"_key":117},"DSA-4506-1",{"_key":119},"DEBIAN-CVE-2018-20815",{"_key":121},"RHSA-2019:1175",{"_key":123},"RHSA-2019:2553",{"_key":125},"USN-3978-1",[],[128,129,130,131,132,133,134,135,136,137,138,139,140,141],{"_key":73},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},{"_key":113},"2019-05-31T21:40:01.000Z","2024-08-05T12:12:27.153Z","Modified",{"cisa_kev":146,"cisa_ransomware":146,"cisa_vendor":9,"epss_severity":147,"epss_score":148,"severity":149,"severity_score":150,"severity_version":151,"severity_source":152,"severity_vector":153,"severity_status":144},false,"low",0.03497,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[155,161,167,172,176,180,184,188,192,196,200,206],{"url":156,"sources":157,"tags":159},"https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17",[158,152],"cve.org",[160],"X Refsource MISC",{"url":162,"sources":163,"tags":164},"https://access.redhat.com/errata/RHSA-2019:1667",[158,152],[165,166],"Vendor Advisory","X Refsource REDHAT",{"url":168,"sources":169,"tags":170},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/",[158,152],[165,171],"X Refsource FEDORA",{"url":173,"sources":174,"tags":175},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/",[158,152],[165,171],{"url":177,"sources":178,"tags":179},"https://access.redhat.com/errata/RHSA-2019:1723",[158,152],[165,166],{"url":181,"sources":182,"tags":183},"https://access.redhat.com/errata/RHSA-2019:1743",[158,152],[165,166],{"url":185,"sources":186,"tags":187},"https://access.redhat.com/errata/RHSA-2019:1881",[158,152],[165,166],{"url":189,"sources":190,"tags":191},"https://access.redhat.com/errata/RHSA-2019:1968",[158,152],[165,166],{"url":193,"sources":194,"tags":195},"https://access.redhat.com/errata/RHSA-2019:2507",[158,152],[165,166],{"url":197,"sources":198,"tags":199},"https://access.redhat.com/errata/RHSA-2019:2553",[158,152],[165,166],{"url":201,"sources":202,"tags":203},"https://seclists.org/bugtraq/2019/Aug/41",[158,152],[204,205],"Mailing List","X Refsource BUGTRAQ",{"url":207,"sources":208,"tags":209},"https://www.debian.org/security/2019/dsa-4506",[158,152],[165,210],"X Refsource DEBIAN",[],{"date":213,"score":148,"percentile":214},"2026-06-04",0.87815,[216,220,222,225,228,231,234,237,240,243,246,249,252,254,257,261,264,267,270,273,276,279,282,284,287,290,293,295,298,301,304,306,309,312,314,317,320,323,326,329,331,335,338,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,393,396,399,403,406,409,412,414,416,418,420,423,426,429,432,435,438,441,444,447,450,453,456,459,462,465,468,471,474],{"date":217,"score":218,"percentile":219},"2025-11-04",0.01604,0.811,{"date":221,"score":218,"percentile":219},"2025-11-05",{"date":223,"score":218,"percentile":224},"2025-11-06",0.81102,{"date":226,"score":218,"percentile":227},"2025-11-07",0.81113,{"date":229,"score":218,"percentile":230},"2025-11-08",0.81121,{"date":232,"score":218,"percentile":233},"2025-11-09",0.81118,{"date":235,"score":218,"percentile":236},"2025-11-10",0.81112,{"date":238,"score":218,"percentile":239},"2025-11-11",0.81119,{"date":241,"score":218,"percentile":242},"2025-11-12",0.81131,{"date":244,"score":218,"percentile":245},"2025-11-13",0.81138,{"date":247,"score":218,"percentile":248},"2025-11-14",0.81142,{"date":250,"score":218,"percentile":251},"2025-11-15",0.81139,{"date":253,"score":218,"percentile":251},"2025-11-16",{"date":255,"score":218,"percentile":256},"2025-11-17",0.81137,{"date":258,"score":259,"percentile":260},"2025-11-18",0.03469,0.86349,{"date":262,"score":259,"percentile":263},"2025-11-19",0.8635,{"date":265,"score":259,"percentile":266},"2025-11-20",0.86352,{"date":268,"score":218,"percentile":269},"2025-11-21",0.81153,{"date":271,"score":218,"percentile":272},"2025-11-22",0.81156,{"date":274,"score":218,"percentile":275},"2025-11-23",0.81147,{"date":277,"score":218,"percentile":278},"2025-11-24",0.81148,{"date":280,"score":218,"percentile":281},"2025-11-25",0.81152,{"date":283,"score":218,"percentile":269},"2025-11-26",{"date":285,"score":218,"percentile":286},"2025-11-27",0.81159,{"date":288,"score":218,"percentile":289},"2025-11-28",0.8115,{"date":291,"score":218,"percentile":292},"2025-11-29",0.81155,{"date":294,"score":218,"percentile":286},"2025-11-30",{"date":296,"score":218,"percentile":297},"2025-12-01",0.81242,{"date":299,"score":218,"percentile":300},"2025-12-02",0.81246,{"date":302,"score":218,"percentile":303},"2025-12-03",0.81245,{"date":305,"score":218,"percentile":286},"2025-12-04",{"date":307,"score":218,"percentile":308},"2025-12-05",0.81167,{"date":310,"score":218,"percentile":311},"2025-12-06",0.81168,{"date":313,"score":218,"percentile":311},"2025-12-07",{"date":315,"score":218,"percentile":316},"2025-12-08",0.8117,{"date":318,"score":218,"percentile":319},"2025-12-09",0.81188,{"date":321,"score":218,"percentile":322},"2025-12-10",0.81214,{"date":324,"score":218,"percentile":325},"2025-12-11",0.81225,{"date":327,"score":218,"percentile":328},"2025-12-12",0.81237,{"date":330,"score":218,"percentile":328},"2025-12-13",{"date":332,"score":333,"percentile":334},"2025-12-14",0.02918,0.8594,{"date":336,"score":333,"percentile":337},"2025-12-15",0.85934,{"date":339,"score":333,"percentile":334},"2025-12-16",{"date":341,"score":333,"percentile":342},"2025-12-17",0.85946,{"date":344,"score":333,"percentile":345},"2025-12-18",0.85951,{"date":347,"score":333,"percentile":348},"2025-12-19",0.85955,{"date":350,"score":333,"percentile":351},"2025-12-20",0.85952,{"date":353,"score":333,"percentile":354},"2025-12-21",0.85957,{"date":356,"score":333,"percentile":357},"2025-12-22",0.85949,{"date":359,"score":333,"percentile":360},"2025-12-23",0.85953,{"date":362,"score":333,"percentile":363},"2025-12-24",0.85958,{"date":365,"score":333,"percentile":366},"2025-12-25",0.85971,{"date":368,"score":333,"percentile":369},"2025-12-26",0.85972,{"date":371,"score":333,"percentile":372},"2025-12-27",0.86022,{"date":374,"score":333,"percentile":375},"2025-12-28",0.85965,{"date":377,"score":333,"percentile":378},"2025-12-29",0.85959,{"date":380,"score":333,"percentile":381},"2025-12-30",0.85968,{"date":383,"score":333,"percentile":384},"2025-12-31",0.85976,{"date":386,"score":333,"percentile":387},"2026-01-01",0.86035,{"date":389,"score":333,"percentile":390},"2026-01-02",0.86036,{"date":392,"score":333,"percentile":387},"2026-01-03",{"date":394,"score":333,"percentile":395},"2026-01-04",0.85975,{"date":397,"score":333,"percentile":398},"2026-01-05",0.85974,{"date":400,"score":401,"percentile":402},"2026-01-06",0.03933,0.8797,{"date":404,"score":401,"percentile":405},"2026-01-07",0.87972,{"date":407,"score":401,"percentile":408},"2026-01-08",0.87978,{"date":410,"score":401,"percentile":411},"2026-01-09",0.87977,{"date":413,"score":401,"percentile":408},"2026-01-10",{"date":415,"score":401,"percentile":405},"2026-01-11",{"date":417,"score":401,"percentile":402},"2026-01-12",{"date":419,"score":401,"percentile":402},"2026-01-13",{"date":421,"score":401,"percentile":422},"2026-01-14",0.87983,{"date":424,"score":401,"percentile":425},"2026-01-15",0.87987,{"date":427,"score":401,"percentile":428},"2026-01-16",0.87991,{"date":430,"score":401,"percentile":431},"2026-01-17",0.87992,{"date":433,"score":401,"percentile":434},"2026-01-18",0.87993,{"date":436,"score":401,"percentile":437},"2026-01-19",0.8799,{"date":439,"score":401,"percentile":440},"2026-01-20",0.87989,{"date":442,"score":401,"percentile":443},"2026-01-21",0.87995,{"date":445,"score":401,"percentile":446},"2026-01-22",0.88,{"date":448,"score":401,"percentile":449},"2026-01-23",0.88012,{"date":451,"score":401,"percentile":452},"2026-01-24",0.88019,{"date":454,"score":401,"percentile":455},"2026-01-25",0.88016,{"date":457,"score":401,"percentile":458},"2026-01-26",0.88013,{"date":460,"score":401,"percentile":461},"2026-01-27",0.88015,{"date":463,"score":401,"percentile":464},"2026-01-28",0.88017,{"date":466,"score":401,"percentile":467},"2026-01-29",0.88021,{"date":469,"score":401,"percentile":470},"2026-01-30",0.88026,{"date":472,"score":401,"percentile":473},"2026-01-31",0.88023,{"date":475,"score":401,"percentile":476},"2026-02-01",0.88089,[478],{"source":152,"cvss_v2_0":479,"cvss_v3_0":484,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":480,"baseSeverity":9,"vectorString":481,"impactScore":482,"exploitabilityScore":483},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":150,"baseSeverity":485,"vectorString":153,"impactScore":150,"exploitabilityScore":483},"CRITICAL",[487],{"ecosystem":9,"name":488,"vendor":488,"product":488,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":490},"qemu","a",[491],{"version":492,"is_range":146,"range_type":493,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.1.0","cpe"]