[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-35517":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":264,"aliases":279,"duplicate_of":9,"upstream":280,"downstream":281,"duplicates":290,"related":291,"reserved_at":9,"published_at":292,"modified_at":293,"state":294,"summary":295,"references_raw":303,"kevs":336,"epss":337,"epss_history":340,"metrics":602,"affected":613},"CVE-2020-35517","A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-269","Improper Privilege Management","The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","weakness","Draft","Class","Medium",[20,182,260],{"id":21,"name":22,"techniques":23},"CAPEC-122","Privilege Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":33,"techniques":184},"CAPEC-233",[185],{"id":25,"name":26,"tactics":186,"countermeasures":189},[187,188],{"id":29,"name":30},{"id":32,"name":33},[190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258],{"id":36,"name":37,"tactic":191},{"name":39},{"id":41,"name":42,"tactic":193},{"name":39},{"id":45,"name":46,"tactic":195},{"name":39},{"id":49,"name":50,"tactic":197},{"name":39},{"id":53,"name":54,"tactic":199},{"name":56},{"id":58,"name":59,"tactic":201},{"name":56},{"id":62,"name":63,"tactic":203},{"name":56},{"id":66,"name":67,"tactic":205},{"name":56},{"id":70,"name":71,"tactic":207},{"name":56},{"id":74,"name":75,"tactic":209},{"name":56},{"id":78,"name":79,"tactic":211},{"name":56},{"id":82,"name":83,"tactic":213},{"name":56},{"id":86,"name":87,"tactic":215},{"name":56},{"id":90,"name":91,"tactic":217},{"name":93},{"id":95,"name":96,"tactic":219},{"name":93},{"id":99,"name":100,"tactic":221},{"name":102},{"id":104,"name":105,"tactic":223},{"name":107},{"id":109,"name":110,"tactic":225},{"name":107},{"id":113,"name":114,"tactic":227},{"name":107},{"id":117,"name":118,"tactic":229},{"name":107},{"id":121,"name":122,"tactic":231},{"name":124},{"id":126,"name":127,"tactic":233},{"name":124},{"id":130,"name":131,"tactic":235},{"name":124},{"id":134,"name":135,"tactic":237},{"name":124},{"id":138,"name":139,"tactic":239},{"name":124},{"id":142,"name":143,"tactic":241},{"name":145},{"id":147,"name":148,"tactic":243},{"name":145},{"id":151,"name":152,"tactic":245},{"name":145},{"id":155,"name":156,"tactic":247},{"name":145},{"id":159,"name":160,"tactic":249},{"name":145},{"id":163,"name":164,"tactic":251},{"name":145},{"id":167,"name":168,"tactic":253},{"name":145},{"id":171,"name":172,"tactic":255},{"name":145},{"id":175,"name":176,"tactic":257},{"name":145},{"id":179,"name":180,"tactic":259},{"name":145},{"id":261,"name":262,"techniques":263},"CAPEC-58","Restful Privilege Elevation",[],[265,274],{"_key":266,"name":267,"source":268,"url":269,"maturity":270,"reliability_score":271,"verified":272,"type":9,"platforms":273,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_BDFEE598E14F168C","Exploit Reference (openwall.com)","reference","https://www.openwall.com/lists/oss-security/2021/01/22/1","unknown",0.2,false,[],{"_key":275,"name":276,"source":268,"url":277,"maturity":270,"reliability_score":271,"verified":272,"type":9,"platforms":278,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D95D664D684342D3","Exploit Reference (lists.gnu.org)","https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html",[],[],[],[282,284,286,288],{"_key":283},"RHBA-2021:0639",{"_key":285},"RHSA-2021:0711",{"_key":287},"RHSA-2021:0743",{"_key":289},"DEBIAN-CVE-2020-35517",[],[],"2021-01-28T19:13:54.000Z","2024-08-04T17:02:08.231Z","Modified",{"cisa_kev":272,"cisa_ransomware":272,"cisa_vendor":9,"epss_severity":296,"epss_score":297,"severity":298,"severity_score":299,"severity_version":300,"severity_source":301,"severity_vector":302,"severity_status":294},"low",0.00113,"high",8.2,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",[304,312,317,322,325,330],{"url":305,"sources":306,"tags":308},"https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c",[307,301],"cve.org",[309,310,311],"X Refsource MISC","Patch","Third Party Advisory",{"url":313,"sources":314,"tags":315},"https://bugzilla.redhat.com/show_bug.cgi?id=1915823",[307,301],[309,316,310,311],"Issue Tracking",{"url":269,"sources":318,"tags":319},[307,301],[309,320,321,310,311],"Exploit","Mailing List",{"url":277,"sources":323,"tags":324},[307,301],[309,320,321,310,311],{"url":326,"sources":327,"tags":328},"https://security.netapp.com/advisory/ntap-20210312-0002/",[307,301],[329,311],"X Refsource CONFIRM",{"url":331,"sources":332,"tags":333},"https://security.gentoo.org/glsa/202208-27",[307,301],[334,335,311],"Vendor Advisory","X Refsource GENTOO",[],{"date":338,"score":297,"percentile":339},"2026-06-04",0.29472,[341,345,348,351,354,357,360,363,366,369,371,374,377,380,383,387,390,393,396,399,402,405,408,411,414,417,420,423,426,429,431,434,437,440,443,446,449,452,455,458,461,464,467,470,473,476,479,482,485,488,491,493,496,499,502,504,506,509,512,514,517,520,523,526,529,531,534,537,540,543,546,549,551,554,556,559,561,564,567,570,573,575,578,581,584,587,590,593,596,599],{"date":342,"score":343,"percentile":344},"2025-11-04",0.00084,0.25114,{"date":346,"score":343,"percentile":347},"2025-11-05",0.25097,{"date":349,"score":343,"percentile":350},"2025-11-06",0.25103,{"date":352,"score":343,"percentile":353},"2025-11-07",0.25104,{"date":355,"score":343,"percentile":356},"2025-11-08",0.25105,{"date":358,"score":343,"percentile":359},"2025-11-09",0.25065,{"date":361,"score":343,"percentile":362},"2025-11-10",0.25027,{"date":364,"score":343,"percentile":365},"2025-11-11",0.2503,{"date":367,"score":343,"percentile":368},"2025-11-12",0.25055,{"date":370,"score":343,"percentile":368},"2025-11-13",{"date":372,"score":343,"percentile":373},"2025-11-14",0.25048,{"date":375,"score":343,"percentile":376},"2025-11-15",0.25036,{"date":378,"score":343,"percentile":379},"2025-11-16",0.24989,{"date":381,"score":343,"percentile":382},"2025-11-17",0.24945,{"date":384,"score":385,"percentile":386},"2025-11-18",0.00086,0.20846,{"date":388,"score":385,"percentile":389},"2025-11-19",0.20858,{"date":391,"score":385,"percentile":392},"2025-11-20",0.20828,{"date":394,"score":343,"percentile":395},"2025-11-21",0.24868,{"date":397,"score":343,"percentile":398},"2025-11-22",0.24864,{"date":400,"score":343,"percentile":401},"2025-11-23",0.24811,{"date":403,"score":343,"percentile":404},"2025-11-24",0.24782,{"date":406,"score":343,"percentile":407},"2025-11-25",0.24769,{"date":409,"score":343,"percentile":410},"2025-11-26",0.24757,{"date":412,"score":343,"percentile":413},"2025-11-27",0.24756,{"date":415,"score":343,"percentile":416},"2025-11-28",0.24731,{"date":418,"score":343,"percentile":419},"2025-11-29",0.24719,{"date":421,"score":343,"percentile":422},"2025-11-30",0.24695,{"date":424,"score":343,"percentile":425},"2025-12-01",0.24735,{"date":427,"score":343,"percentile":428},"2025-12-02",0.2476,{"date":430,"score":343,"percentile":407},"2025-12-03",{"date":432,"score":343,"percentile":433},"2025-12-04",0.247,{"date":435,"score":343,"percentile":436},"2025-12-05",0.24753,{"date":438,"score":343,"percentile":439},"2025-12-06",0.24754,{"date":441,"score":343,"percentile":442},"2025-12-07",0.24718,{"date":444,"score":343,"percentile":445},"2025-12-08",0.24725,{"date":447,"score":343,"percentile":448},"2025-12-09",0.24786,{"date":450,"score":343,"percentile":451},"2025-12-10",0.24852,{"date":453,"score":343,"percentile":454},"2025-12-11",0.24865,{"date":456,"score":343,"percentile":457},"2025-12-12",0.2488,{"date":459,"score":343,"percentile":460},"2025-12-13",0.24881,{"date":462,"score":343,"percentile":463},"2025-12-14",0.24854,{"date":465,"score":343,"percentile":466},"2025-12-15",0.24826,{"date":468,"score":343,"percentile":469},"2025-12-16",0.24845,{"date":471,"score":343,"percentile":472},"2025-12-17",0.2492,{"date":474,"score":343,"percentile":475},"2025-12-18",0.24979,{"date":477,"score":343,"percentile":478},"2025-12-19",0.24995,{"date":480,"score":343,"percentile":481},"2025-12-20",0.24966,{"date":483,"score":343,"percentile":484},"2025-12-21",0.24914,{"date":486,"score":343,"percentile":487},"2025-12-22",0.24869,{"date":489,"score":343,"percentile":490},"2025-12-23",0.24844,{"date":492,"score":343,"percentile":463},"2025-12-24",{"date":494,"score":343,"percentile":495},"2025-12-25",0.24931,{"date":497,"score":343,"percentile":498},"2025-12-26",0.24917,{"date":500,"score":343,"percentile":501},"2025-12-27",0.24915,{"date":503,"score":343,"percentile":448},"2025-12-28",{"date":505,"score":343,"percentile":413},"2025-12-29",{"date":507,"score":343,"percentile":508},"2025-12-30",0.24751,{"date":510,"score":343,"percentile":511},"2025-12-31",0.24815,{"date":513,"score":343,"percentile":501},"2026-01-01",{"date":515,"score":343,"percentile":516},"2026-01-02",0.24908,{"date":518,"score":343,"percentile":519},"2026-01-03",0.24891,{"date":521,"score":343,"percentile":522},"2026-01-04",0.24794,{"date":524,"score":343,"percentile":525},"2026-01-05",0.24775,{"date":527,"score":343,"percentile":528},"2026-01-06",0.24783,{"date":530,"score":343,"percentile":401},"2026-01-07",{"date":532,"score":343,"percentile":533},"2026-01-08",0.24856,{"date":535,"score":343,"percentile":536},"2026-01-09",0.24833,{"date":538,"score":343,"percentile":539},"2026-01-10",0.24802,{"date":541,"score":343,"percentile":542},"2026-01-11",0.24779,{"date":544,"score":343,"percentile":545},"2026-01-12",0.24743,{"date":547,"score":343,"percentile":548},"2026-01-13",0.24721,{"date":550,"score":343,"percentile":542},"2026-01-14",{"date":552,"score":343,"percentile":553},"2026-01-15",0.24772,{"date":555,"score":343,"percentile":539},"2026-01-16",{"date":557,"score":343,"percentile":558},"2026-01-17",0.24805,{"date":560,"score":343,"percentile":542},"2026-01-18",{"date":562,"score":343,"percentile":563},"2026-01-19",0.24734,{"date":565,"score":343,"percentile":566},"2026-01-20",0.24717,{"date":568,"score":343,"percentile":569},"2026-01-21",0.24665,{"date":571,"score":343,"percentile":572},"2026-01-22",0.24648,{"date":574,"score":343,"percentile":416},"2026-01-23",{"date":576,"score":343,"percentile":577},"2026-01-24",0.24737,{"date":579,"score":343,"percentile":580},"2026-01-25",0.24651,{"date":582,"score":343,"percentile":583},"2026-01-26",0.24553,{"date":585,"score":343,"percentile":586},"2026-01-27",0.24542,{"date":588,"score":343,"percentile":589},"2026-01-28",0.24537,{"date":591,"score":343,"percentile":592},"2026-01-29",0.24494,{"date":594,"score":343,"percentile":595},"2026-01-30",0.24479,{"date":597,"score":343,"percentile":598},"2026-01-31",0.24474,{"date":600,"score":343,"percentile":601},"2026-02-01",0.24522,[603],{"source":301,"cvss_v2_0":604,"cvss_v3_0":9,"cvss_v3_1":609,"cvss_v4_0":9},{"baseScore":605,"baseSeverity":9,"vectorString":606,"impactScore":607,"exploitabilityScore":608},4.6,"AV:L/AC:L/Au:N/C:P/I:P/A:P",6.4,3.9,{"baseScore":299,"baseSeverity":610,"vectorString":302,"impactScore":611,"exploitabilityScore":612},"HIGH",10,3.8,[614],{"ecosystem":9,"name":615,"vendor":615,"product":615,"cpe_part":616,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":617},"qemu","a",[618],{"version":619,"is_range":620,"range_type":621,"version_start":622,"version_start_type":623,"version_end":624,"version_end_type":623,"fixed_in":9},"gte5.0.0_lte5.2.50",true,"cpe","5.0.0","including","5.2.50"]