[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-18420":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":58,"related":59,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":131,"epss":132,"epss_history":135,"metrics":393,"affected":404},"CVE-2019-18420","An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-134","Use of Externally-Controlled Format String","The product uses a function that accepts a format string as an argument, but the format string originates from an external source.","weakness","Draft","Base","High",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-135","Format String Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-67","String Format Overflow in syslog()",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56],{"_key":33},"ALPINE-CVE-2019-18420",{"_key":35},"SUSE-SU-2019:2960-1",{"_key":37},"SUSE-SU-2019:2961-1",{"_key":39},"SUSE-SU-2019:2962-1",{"_key":41},"SUSE-SU-2019:3297-1",{"_key":43},"SUSE-SU-2020:0334-1",{"_key":45},"SUSE-SU-2020:0388-1",{"_key":47},"SUSE-SU-2020:14444-1",{"_key":49},"OPENSUSE-SU-2019:2506-1",{"_key":51},"DSA-4602-1",{"_key":53},"MGASA-2020-0113",{"_key":55},"UBUNTU-CVE-2019-18420",{"_key":57},"DEBIAN-CVE-2019-18420",[],[60,61,62,63,64,65,66,67,68],{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":53},"2019-10-31T13:30:06.000Z","2024-08-05T01:54:14.311Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"low",0.04046,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[82,90,97,103,108,112,116,121,126],{"url":83,"sources":84,"tags":86},"http://xenbits.xen.org/xsa/advisory-296.html",[85,79],"cve.org",[87,88,89],"X Refsource MISC","Patch","Vendor Advisory",{"url":91,"sources":92,"tags":93},"http://www.openwall.com/lists/oss-security/2019/10/31/1",[85,79],[94,95,88,96],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":98,"sources":99,"tags":100},"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html",[85,79],[89,101,102,94,96],"X Refsource SUSE","Broken Link",{"url":104,"sources":105,"tags":106},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/",[85,79],[89,107],"X Refsource FEDORA",{"url":109,"sources":110,"tags":111},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/",[85,79],[89,107],{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/",[85,79],[89,107],{"url":117,"sources":118,"tags":119},"https://www.debian.org/security/2020/dsa-4602",[85,79],[89,120,96],"X Refsource DEBIAN",{"url":122,"sources":123,"tags":124},"https://seclists.org/bugtraq/2020/Jan/21",[85,79],[94,125,96],"X Refsource BUGTRAQ",{"url":127,"sources":128,"tags":129},"https://security.gentoo.org/glsa/202003-56",[85,79],[89,130,96],"X Refsource GENTOO",[],{"date":133,"score":75,"percentile":134},"2026-06-03",0.88714,[136,140,142,145,148,151,154,156,159,162,165,168,170,173,176,180,183,186,189,191,194,197,199,201,204,207,210,213,216,218,221,224,227,230,232,234,237,240,243,246,249,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,316,319,322,325,328,331,334,337,339,342,345,348,351,353,356,359,362,365,368,371,374,377,380,382,385,387,390],{"date":137,"score":138,"percentile":139},"2025-11-04",0.04252,0.88277,{"date":141,"score":138,"percentile":139},"2025-11-05",{"date":143,"score":138,"percentile":144},"2025-11-06",0.88269,{"date":146,"score":138,"percentile":147},"2025-11-07",0.88275,{"date":149,"score":138,"percentile":150},"2025-11-08",0.88279,{"date":152,"score":138,"percentile":153},"2025-11-09",0.88276,{"date":155,"score":138,"percentile":147},"2025-11-10",{"date":157,"score":138,"percentile":158},"2025-11-11",0.88281,{"date":160,"score":138,"percentile":161},"2025-11-12",0.8829,{"date":163,"score":138,"percentile":164},"2025-11-13",0.88295,{"date":166,"score":138,"percentile":167},"2025-11-14",0.883,{"date":169,"score":138,"percentile":164},"2025-11-15",{"date":171,"score":138,"percentile":172},"2025-11-16",0.88298,{"date":174,"score":138,"percentile":175},"2025-11-17",0.88294,{"date":177,"score":178,"percentile":179},"2025-11-18",0.08543,0.91519,{"date":181,"score":178,"percentile":182},"2025-11-19",0.91523,{"date":184,"score":178,"percentile":185},"2025-11-20",0.91528,{"date":187,"score":138,"percentile":188},"2025-11-21",0.88309,{"date":190,"score":138,"percentile":188},"2025-11-22",{"date":192,"score":138,"percentile":193},"2025-11-23",0.88305,{"date":195,"score":138,"percentile":196},"2025-11-24",0.88304,{"date":198,"score":138,"percentile":193},"2025-11-25",{"date":200,"score":138,"percentile":193},"2025-11-26",{"date":202,"score":138,"percentile":203},"2025-11-27",0.88306,{"date":205,"score":138,"percentile":206},"2025-11-28",0.88297,{"date":208,"score":138,"percentile":209},"2025-11-29",0.88371,{"date":211,"score":138,"percentile":212},"2025-11-30",0.88368,{"date":214,"score":138,"percentile":215},"2025-12-01",0.88428,{"date":217,"score":138,"percentile":215},"2025-12-02",{"date":219,"score":138,"percentile":220},"2025-12-03",0.88426,{"date":222,"score":138,"percentile":223},"2025-12-04",0.88367,{"date":225,"score":138,"percentile":226},"2025-12-05",0.88369,{"date":228,"score":138,"percentile":229},"2025-12-06",0.8837,{"date":231,"score":138,"percentile":226},"2025-12-07",{"date":233,"score":138,"percentile":209},"2025-12-08",{"date":235,"score":138,"percentile":236},"2025-12-09",0.88384,{"date":238,"score":138,"percentile":239},"2025-12-10",0.88402,{"date":241,"score":138,"percentile":242},"2025-12-11",0.88405,{"date":244,"score":138,"percentile":245},"2025-12-12",0.88407,{"date":247,"score":138,"percentile":248},"2025-12-13",0.88408,{"date":250,"score":138,"percentile":245},"2025-12-14",{"date":252,"score":138,"percentile":253},"2025-12-15",0.8841,{"date":255,"score":138,"percentile":256},"2025-12-16",0.88413,{"date":258,"score":138,"percentile":259},"2025-12-17",0.88417,{"date":261,"score":138,"percentile":262},"2025-12-18",0.88421,{"date":264,"score":138,"percentile":265},"2025-12-19",0.88422,{"date":267,"score":138,"percentile":268},"2025-12-20",0.8842,{"date":270,"score":138,"percentile":271},"2025-12-21",0.8843,{"date":273,"score":138,"percentile":274},"2025-12-22",0.88427,{"date":276,"score":138,"percentile":277},"2025-12-23",0.88432,{"date":279,"score":138,"percentile":280},"2025-12-24",0.88437,{"date":282,"score":138,"percentile":283},"2025-12-25",0.88447,{"date":285,"score":138,"percentile":286},"2025-12-26",0.88446,{"date":288,"score":138,"percentile":289},"2025-12-27",0.88492,{"date":291,"score":138,"percentile":292},"2025-12-28",0.88438,{"date":294,"score":138,"percentile":295},"2025-12-29",0.88434,{"date":297,"score":138,"percentile":298},"2025-12-30",0.8844,{"date":300,"score":138,"percentile":301},"2025-12-31",0.8845,{"date":303,"score":138,"percentile":304},"2026-01-01",0.88513,{"date":306,"score":138,"percentile":307},"2026-01-02",0.88509,{"date":309,"score":138,"percentile":310},"2026-01-03",0.88506,{"date":312,"score":138,"percentile":313},"2026-01-04",0.88444,{"date":315,"score":138,"percentile":298},"2026-01-05",{"date":317,"score":138,"percentile":318},"2026-01-06",0.88445,{"date":320,"score":138,"percentile":321},"2026-01-07",0.88448,{"date":323,"score":138,"percentile":324},"2026-01-08",0.88454,{"date":326,"score":138,"percentile":327},"2026-01-09",0.88457,{"date":329,"score":138,"percentile":330},"2026-01-10",0.8846,{"date":332,"score":138,"percentile":333},"2026-01-11",0.88453,{"date":335,"score":138,"percentile":336},"2026-01-12",0.88452,{"date":338,"score":138,"percentile":301},"2026-01-13",{"date":340,"score":138,"percentile":341},"2026-01-14",0.88463,{"date":343,"score":138,"percentile":344},"2026-01-15",0.88465,{"date":346,"score":138,"percentile":347},"2026-01-16",0.88472,{"date":349,"score":138,"percentile":350},"2026-01-17",0.88473,{"date":352,"score":138,"percentile":350},"2026-01-18",{"date":354,"score":138,"percentile":355},"2026-01-19",0.88471,{"date":357,"score":138,"percentile":358},"2026-01-20",0.88474,{"date":360,"score":138,"percentile":361},"2026-01-21",0.88479,{"date":363,"score":138,"percentile":364},"2026-01-22",0.88483,{"date":366,"score":138,"percentile":367},"2026-01-23",0.88497,{"date":369,"score":138,"percentile":370},"2026-01-24",0.88504,{"date":372,"score":138,"percentile":373},"2026-01-25",0.88501,{"date":375,"score":138,"percentile":376},"2026-01-26",0.88502,{"date":378,"score":138,"percentile":379},"2026-01-27",0.88503,{"date":381,"score":138,"percentile":370},"2026-01-28",{"date":383,"score":138,"percentile":384},"2026-01-29",0.8851,{"date":386,"score":138,"percentile":304},"2026-01-30",{"date":388,"score":138,"percentile":389},"2026-01-31",0.88512,{"date":391,"score":138,"percentile":392},"2026-02-01",0.88574,[394],{"source":79,"cvss_v2_0":395,"cvss_v3_0":9,"cvss_v3_1":400,"cvss_v4_0":9},{"baseScore":396,"baseSeverity":9,"vectorString":397,"impactScore":398,"exploitabilityScore":399},6.3,"AV:N/AC:M/Au:S/C:N/I:N/A:C",6.9,6.8,{"baseScore":77,"baseSeverity":401,"vectorString":80,"impactScore":402,"exploitabilityScore":403},"MEDIUM",6,7.2,[405,416,426],{"ecosystem":9,"name":406,"vendor":407,"product":408,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":410},"debian linux","debian","debian_linux","o",[411,414],{"version":412,"is_range":73,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":415,"is_range":73,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":417,"vendor":418,"product":417,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":419},"fedora","fedoraproject",[420,422,424],{"version":421,"is_range":73,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":423,"is_range":73,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":425,"is_range":73,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"ecosystem":9,"name":427,"vendor":427,"product":427,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"xen",[429],{"version":430,"is_range":431,"range_type":413,"version_start":9,"version_start_type":9,"version_end":432,"version_end_type":433,"fixed_in":9},"lte4.12.1",true,"4.12.1","including"]