Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/104192?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "libvirt", "version": "12.3.0-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77550?format=api", "vulnerability_id": "VCID-2hsw-vx7r-wqd5", "summary": "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2239.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25476", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812", "reference_id": "607812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0615", "reference_id": "RHSA-2010:0615", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0615" }, { "reference_url": "https://usn.ubuntu.com/1008-1/", "reference_id": "USN-1008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1008-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104195?format=api", "purl": "pkg:deb/debian/libvirt@0.8.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2239" ], "risk_score": null, 
"exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsw-vx7r-wqd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77648?format=api", "vulnerability_id": "VCID-4sf9-8j9p-3fgz", "summary": "An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17875", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058", "reference_id": "1066058", 
"reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263841", "reference_id": "2263841", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263841" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1441", "reference_id": "CVE-2024-1441", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2560", "reference_id": "RHSA-2024:2560", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2560" }, { "reference_url": "https://usn.ubuntu.com/6734-1/", "reference_id": "USN-6734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-1/" }, { "reference_url": "https://usn.ubuntu.com/6734-2/", "reference_id": "USN-6734-2", "reference_type": 
"", "scores": [], "url": "https://usn.ubuntu.com/6734-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104295?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104297?format=api", "purl": "pkg:deb/debian/libvirt@10.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@10.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-1441" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf9-8j9p-3fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77598?format=api", "vulnerability_id": "VCID-522f-y6qx-nfhn", "summary": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67592", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67633", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160817", "reference_id": "1160817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160817" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149", "reference_id": "769149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149" }, { "reference_url": 
"https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1873", "reference_id": "RHSA-2014:1873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0008", "reference_id": "RHSA-2015:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0008" }, { "reference_url": "https://usn.ubuntu.com/2404-1/", "reference_id": "USN-2404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2404-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104244?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7823" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-522f-y6qx-nfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77642?format=api", "vulnerability_id": "VCID-53fz-t4zs-7kbk", "summary": "A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. 
An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69698", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69738", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326", "reference_id": "2024326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1759", "reference_id": "RHSA-2022:1759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1759" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": 
"USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104291?format=api", "purl": "pkg:deb/debian/libvirt@7.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3975" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53fz-t4zs-7kbk" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/77594?format=api", "vulnerability_id": "VCID-5th2-yymu-x7hm", "summary": "Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1447.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11684", "scoring_system": "epss", "scoring_elements": "0.9381", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11684", "scoring_system": "epss", "scoring_elements": "0.93819", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052957", "reference_id": "1052957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052957" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735676", "reference_id": "735676", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735676" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", 
"scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0103", "reference_id": "RHSA-2014:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0103" }, { "reference_url": "https://usn.ubuntu.com/2093-1/", "reference_id": "USN-2093-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2093-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104230?format=api", "purl": "pkg:deb/debian/libvirt@1.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": 
[], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-1447" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5th2-yymu-x7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77636?format=api", "vulnerability_id": "VCID-6pj3-mq9g-yye9", "summary": "An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72797", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190", "reference_id": "1828190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447", "reference_id": "959447", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447" }, { "reference_url": "https://usn.ubuntu.com/4371-1/", "reference_id": "USN-4371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4371-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104288?format=api", "purl": "pkg:deb/debian/libvirt@6.4.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@6.4.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": 
"pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-12430" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pj3-mq9g-yye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77621?format=api", "vulnerability_id": "VCID-75av-3nr7-bkh1", "summary": "A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55535", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55592", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427090", "reference_id": "1427090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427090" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313", "reference_id": "856313", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104259?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": 
"pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-2635" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75av-3nr7-bkh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77595?format=api", "vulnerability_id": "VCID-7ezn-r2xq-c7de", "summary": "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02862", "scoring_system": "epss", "scoring_elements": "0.86522", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02862", "scoring_system": "epss", "scoring_elements": "0.86545", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141131", "reference_id": "1141131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141131" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203", "reference_id": "762203", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1352", "reference_id": "RHSA-2014:1352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1873", "reference_id": "RHSA-2014:1873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1873" }, { "reference_url": "https://usn.ubuntu.com/2366-1/", "reference_id": "USN-2366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104238?format=api", "purl": "pkg:deb/debian/libvirt@1.2.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.8-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3633" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ezn-r2xq-c7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77574?format=api", "vulnerability_id": "VCID-7ks5-8e2n-tua4", "summary": "libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4311.json", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07158", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1005332", "reference_id": "1005332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1005332" }, { "reference_url": "https://security.gentoo.org/glsa/201406-27", "reference_id": "GLSA-201406-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1272", "reference_id": "RHSA-2013:1272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1272" }, { "reference_url": "https://usn.ubuntu.com/1954-1/", "reference_id": "USN-1954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104224?format=api", "purl": "pkg:deb/debian/libvirt@1.1.3~rc1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.3~rc1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4311" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ks5-8e2n-tua4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77546?format=api", "vulnerability_id": "VCID-7t26-rv1b-gfca", "summary": "Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5086.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5086.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2008-5086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15036", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1512", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5086" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476560", "reference_id": "476560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0382", "reference_id": "RHSA-2009:0382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0382" }, { "reference_url": "https://usn.ubuntu.com/694-1/", "reference_id": "USN-694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/694-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104190?format=api", "purl": "pkg:deb/debian/libvirt@0.4.6-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.4.6-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": 
"pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-5086" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7t26-rv1b-gfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77567?format=api", "vulnerability_id": "VCID-8fmd-jdpb-v7eb", "summary": "The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4154.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00731", "scoring_system": "epss", "scoring_elements": 
"0.73057", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73094", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717355", "reference_id": "717355", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717355" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386", "reference_id": "986386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104219?format=api", "purl": "pkg:deb/debian/libvirt@1.1.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": 
"pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4154" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fmd-jdpb-v7eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77571?format=api", "vulnerability_id": "VCID-8frc-fhvs-bucm", "summary": "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4296.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03294", "scoring_system": "epss", "scoring_elements": "0.87437", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03294", "scoring_system": "epss", "scoring_elements": "0.87459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173", "reference_id": "1006173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1272", "reference_id": "RHSA-2013:1272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1272" }, { "reference_url": "https://usn.ubuntu.com/1954-1/", "reference_id": "USN-1954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104223?format=api", "purl": "pkg:deb/debian/libvirt@1.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": 
"pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4296" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8frc-fhvs-bucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77632?format=api", "vulnerability_id": "VCID-8u2b-ad6e-ukaw", "summary": "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. 
An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72589", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72629", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665228", "reference_id": "1665228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2294", "reference_id": "RHSA-2019:2294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2294" }, { "reference_url": "https://usn.ubuntu.com/3909-1/", "reference_id": "USN-3909-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/3909-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104281?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-3840" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2b-ad6e-ukaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77606?format=api", 
"vulnerability_id": "VCID-8wxg-1wr8-rfca", "summary": "libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66059", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:M/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431", "reference_id": "1184431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065", "reference_id": "776065", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2015:0323", "reference_id": "RHSA-2015:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0323" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104249?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0236" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wxg-1wr8-rfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77604?format=api", "vulnerability_id": "VCID-9cft-v9u9-fubh", "summary": "The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25071", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176176", "reference_id": "1176176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856", "reference_id": "773856", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856" }, { "reference_url": 
"https://security.gentoo.org/glsa/201412-36", "reference_id": "GLSA-201412-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0323", "reference_id": "RHSA-2015:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0323" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104246?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": 
"pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8136" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9cft-v9u9-fubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5836?format=api", "vulnerability_id": "VCID-abdh-e635-17cp", "summary": "privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4141", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41486", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1860069", "reference_id": "1860069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563", "reference_id": "966563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563" }, { "reference_url": "https://security.archlinux.org/ASA-202009-8", "reference_id": "ASA-202009-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-8" }, { "reference_url": "https://security.archlinux.org/AVG-1232", "reference_id": "AVG-1232", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1232" }, { "reference_url": "https://security.gentoo.org/glsa/202101-22", "reference_id": "GLSA-202101-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-22" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3586", "reference_id": "RHSA-2020:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104289?format=api", "purl": "pkg:deb/debian/libvirt@6.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@6.6.0-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14339" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abdh-e635-17cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77639?format=api", "vulnerability_id": "VCID-abee-kgjm-h7gv", "summary": "A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). 
This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5902", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59068", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3559" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306", "reference_id": "1962306", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": 
"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3559" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abee-kgjm-h7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72349?format=api", "vulnerability_id": "VCID-b2th-9tn3-cfes", "summary": "libvirt: Information disclosure via world-readable VM snapshots", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10059", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120119", "reference_id": "1120119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415409", "reference_id": "2415409", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T18:35:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415409" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-13193", "reference_id": "CVE-2025-13193", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T18:35:16Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-13193" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104302?format=api", "purl": "pkg:deb/debian/libvirt@11.10.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.10.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-13193" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2th-9tn3-cfes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77554?format=api", "vulnerability_id": "VCID-b83z-k3uw-sqfs", "summary": "The 
virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24363", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24464", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128", "reference_id": "629128", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769", "reference_id": "709769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": "https://usn.ubuntu.com/1152-1/", "reference_id": "USN-1152-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/1152-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104202?format=api", "purl": "pkg:deb/debian/libvirt@0.9.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b83z-k3uw-sqfs" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/77614?format=api", "vulnerability_id": "VCID-bes6-jjfw-tbdx", "summary": "libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67469", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.6751", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705507", "reference_id": "1705507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705507" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/104256?format=api", "purl": "pkg:deb/debian/libvirt@1.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10746" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bes6-jjfw-tbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77551?format=api", "vulnerability_id": "VCID-bm6v-rps8-8kbt", "summary": "Red Hat 
libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2242.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2242.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19108", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1918", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455", "reference_id": "602455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0615", "reference_id": "RHSA-2010:0615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0615" }, { "reference_url": "https://usn.ubuntu.com/1008-1/", "reference_id": "USN-1008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1008-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104195?format=api", "purl": "pkg:deb/debian/libvirt@0.8.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2242" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bm6v-rps8-8kbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77563?format=api", "vulnerability_id": "VCID-bw47-fewt-2fax", "summary": "Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering 
flag that causes an interface to be skipped, as demonstrated by the \"virsh iface-list --inactive\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2218.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10811", "scoring_system": "epss", "scoring_elements": "0.93493", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10811", "scoring_system": "epss", "scoring_elements": "0.93503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2218" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:P/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714699", "reference_id": "714699", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714699" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=980112", "reference_id": "980112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980112" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38622.txt", "reference_id": "CVE-2013-2218;OSVDB-94704", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38622.txt" }, { "reference_url": "https://www.securityfocus.com/bid/60876/info", "reference_id": "CVE-2013-2218;OSVDB-94704", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/60876/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104216?format=api", "purl": "pkg:deb/debian/libvirt@1.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": 
[ "CVE-2013-2218" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bw47-fewt-2fax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77625?format=api", "vulnerability_id": "VCID-bzyu-42js-e3e6", "summary": "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79967", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10132" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706067", "reference_id": "1706067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706067" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334", "reference_id": "929334", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1264", "reference_id": "RHSA-2019:1264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1268", "reference_id": "RHSA-2019:1268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1455", "reference_id": "RHSA-2019:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "reference_url": "https://usn.ubuntu.com/4021-1/", "reference_id": "USN-4021-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4021-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104270?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10132" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyu-42js-e3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77623?format=api", "vulnerability_id": "VCID-cf81-wpvh-kqa2", "summary": "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01494", "scoring_system": "epss", 
"scoring_elements": "0.81405", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01494", "scoring_system": "epss", "scoring_elements": "0.81432", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528396", "reference_id": "1528396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528396" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700", "reference_id": "887700", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700" }, { "reference_url": "https://security.gentoo.org/glsa/201804-07", "reference_id": "GLSA-201804-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-07" }, { "reference_url": "https://security.gentoo.org/glsa/201804-08", "reference_id": "GLSA-201804-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1396", "reference_id": "RHSA-2018:1396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1929", "reference_id": "RHSA-2018:1929", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2018:1929" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104264?format=api", "purl": "pkg:deb/debian/libvirt@4.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@4.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5748" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": 
"3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cf81-wpvh-kqa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77643?format=api", "vulnerability_id": "VCID-cjpk-feb2-zqds", "summary": "A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23267", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535", "reference_id": "1002535", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195", "reference_id": "2034195", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104292?format=api", "purl": "pkg:deb/debian/libvirt@7.10.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.10.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-4147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpk-feb2-zqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77585?format=api", "vulnerability_id": "VCID-db3h-q8fp-b3ds", "summary": "The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the \"virsh memtune\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6436.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20999", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21073", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6436" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042252", "reference_id": "1042252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042252" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": 
"GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://usn.ubuntu.com/2093-1/", "reference_id": "USN-2093-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2093-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104226?format=api", "purl": "pkg:deb/debian/libvirt@1.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6436" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db3h-q8fp-b3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77592?format=api", "vulnerability_id": "VCID-dqys-qxtq-7yd9", "summary": "libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0028.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27908", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27976", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0028" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048637", "reference_id": "1048637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048637" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://usn.ubuntu.com/2093-1/", "reference_id": "USN-2093-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2093-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104230?format=api", "purl": "pkg:deb/debian/libvirt@1.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0028" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqys-qxtq-7yd9" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/77651?format=api", "vulnerability_id": "VCID-ej3h-nbzx-euhv", "summary": "A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being \"freed\" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070330", 
"reference_id": "1070330", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278616", "reference_id": "2278616", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:25:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278616" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": 
"https://access.redhat.com/security/cve/CVE-2024-4418", "reference_id": "CVE-2024-4418", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:25:15Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4351", "reference_id": "RHSA-2024:4351", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:25:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4432", "reference_id": "RHSA-2024:4432", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:25:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4757", "reference_id": "RHSA-2024:4757", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:25:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4757" }, { "reference_url": "https://usn.ubuntu.com/6763-1/", "reference_id": "USN-6763-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6763-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104300?format=api", "purl": "pkg:deb/debian/libvirt@10.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@10.3.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-4418" ], "risk_score": 2.8, 
"exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej3h-nbzx-euhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77630?format=api", "vulnerability_id": "VCID-etr9-c84d-vuhr", "summary": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45272", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4534", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720118", "reference_id": "1720118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720118" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104273?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10168" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-etr9-c84d-vuhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77652?format=api", "vulnerability_id": "VCID-fswc-9ddx-c7d7", "summary": "A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. 
This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23136", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8235" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080218", "reference_id": "1080218", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308680", "reference_id": "2308680", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T17:10:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308680" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": 
"cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8235", "reference_id": "CVE-2024-8235", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T17:10:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9128", "reference_id": "RHSA-2024:9128", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T17:10:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:9128" }, { "reference_url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ/", "reference_id": "X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T17:10:46Z/" } ], "url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104301?format=api", "purl": "pkg:deb/debian/libvirt@10.7.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@10.7.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-8235" ], "risk_score": 2.8, 
"exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fswc-9ddx-c7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77575?format=api", "vulnerability_id": "VCID-g2pc-1es2-3qer", "summary": "The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4399.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72531", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72571", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4399" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015214", "reference_id": "1015214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015214" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104223?format=api", "purl": 
"pkg:deb/debian/libvirt@1.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2pc-1es2-3qer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77587?format=api", "vulnerability_id": "VCID-g3k9-1rc3-xfhu", "summary": "The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) 
delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to \"paths under /proc/$PID/root\" and the virInitctlSetRunLevel function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6456.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048627", "reference_id": "1048627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394", "reference_id": "732394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { 
"reference_url": "https://usn.ubuntu.com/2209-1/", "reference_id": "USN-2209-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2209-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104229?format=api", "purl": "pkg:deb/debian/libvirt@1.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3k9-1rc3-xfhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77596?format=api", "vulnerability_id": "VCID-g59s-kpjm-dbbg", "summary": "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01284", "scoring_system": "epss", "scoring_elements": "0.79947", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01284", "scoring_system": "epss", "scoring_elements": "0.79973", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145667", "reference_id": "1145667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1352", "reference_id": "RHSA-2014:1352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1873", "reference_id": "RHSA-2014:1873", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2014:1873" }, { "reference_url": "https://usn.ubuntu.com/2404-1/", "reference_id": "USN-2404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2404-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104240?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3657" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": 
"0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g59s-kpjm-dbbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77601?format=api", "vulnerability_id": "VCID-g94m-69qv-8kgk", "summary": "The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2101", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176182", "reference_id": "1176182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176182" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855", "reference_id": "773855", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855" }, { "reference_url": "https://security.gentoo.org/glsa/201412-36", "reference_id": "GLSA-201412-36", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201412-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104246?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8135" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g94m-69qv-8kgk" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/77649?format=api", "vulnerability_id": "VCID-gneu-b3qk-q7e4", "summary": "A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461", "reference_id": "1067461", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270115", "reference_id": "2270115", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270115" }, { "reference_url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/", "reference_id": "BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2494", "reference_id": "CVE-2024-2494", "reference_type": "", "scores": [ { "value": "6.2", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2494" }, { "reference_url": "https://security.gentoo.org/glsa/202412-16", "reference_id": "GLSA-202412-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2560", "reference_id": "RHSA-2024:2560", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3253", "reference_id": "RHSA-2024:3253", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3253" }, { "reference_url": "https://usn.ubuntu.com/6734-1/", "reference_id": "USN-6734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-1/" }, { "reference_url": "https://usn.ubuntu.com/6734-2/", "reference_id": "USN-6734-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104295?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104298?format=api", "purl": "pkg:deb/debian/libvirt@10.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@10.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-2494" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gneu-b3qk-q7e4" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/72580?format=api", "vulnerability_id": "VCID-gt15-erjf-tucj", "summary": "libvirt: Denial of service in XML parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28814", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120584", "reference_id": "1120584", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120584" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413801", "reference_id": "2413801", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413801" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.2", "reference_id": "cpe:/o:redhat:enterprise_linux:10.2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12748", "reference_id": "CVE-2025-12748", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18326", "reference_id": "RHSA-2026:18326", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:18326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18748", "reference_id": "RHSA-2026:18748", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:18748" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104302?format=api", "purl": "pkg:deb/debian/libvirt@11.10.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.10.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-12748" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gt15-erjf-tucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77548?format=api", "vulnerability_id": "VCID-h2s4-zbk4-dbgk", "summary": "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2237.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21675", "published_at": "2026-06-05T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2010-2237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810", "reference_id": "607810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810" }, { "reference_url": "https://usn.ubuntu.com/1008-1/", "reference_id": "USN-1008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1008-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104195?format=api", "purl": "pkg:deb/debian/libvirt@0.8.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2237" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2s4-zbk4-dbgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77583?format=api", "vulnerability_id": "VCID-h8hd-mdcx-tben", "summary": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5651.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5651.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70919", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70961", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5651" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006493", "reference_id": "1006493", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006493" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://usn.ubuntu.com/1954-1/", "reference_id": "USN-1954-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1954-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104220?format=api", "purl": "pkg:deb/debian/libvirt@1.1.2~rc1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.2~rc1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-5651" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8hd-mdcx-tben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77616?format=api", "vulnerability_id": "VCID-j5b5-zjxe-ffhu", "summary": "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84448", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84472", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351514", "reference_id": "1351514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2577", "reference_id": "RHSA-2016:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2577" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104257?format=api", "purl": "pkg:deb/debian/libvirt@2.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@2.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5008" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5b5-zjxe-ffhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77641?format=api", "vulnerability_id": "VCID-j71z-t8bh-wbb4", "summary": "An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. 
The highest threat from this vulnerability is to system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63292", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094", "reference_id": "1986094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594", "reference_id": "991594", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594" }, { "reference_url": "https://security.archlinux.org/AVG-2230", "reference_id": "AVG-2230", "reference_type": "", "scores": [ { "value": "Low", 
"scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2230" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3703", "reference_id": "RHSA-2021:3703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3704", "reference_id": "RHSA-2021:3704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4191", "reference_id": "RHSA-2021:4191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4191" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104291?format=api", "purl": "pkg:deb/debian/libvirt@7.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3667" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j71z-t8bh-wbb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77562?format=api", "vulnerability_id": "VCID-j9tq-2vq5-cqdm", "summary": "The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests \"to list all volumes for the particular pool.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03779", "scoring_system": "epss", "scoring_elements": "0.88263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03779", "scoring_system": "epss", "scoring_elements": "0.88282", "published_at": "2026-06-05T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2013-1962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=953107", "reference_id": "953107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953107" }, { "reference_url": "https://security.gentoo.org/glsa/201309-18", "reference_id": "GLSA-201309-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0831", "reference_id": "RHSA-2013:0831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0831" }, { "reference_url": "https://usn.ubuntu.com/1895-1/", "reference_id": "USN-1895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1895-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1962" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9tq-2vq5-cqdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77628?format=api", "vulnerability_id": "VCID-jtjs-y7k7-r7ae", "summary": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. 
If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33654", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33755", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720114", "reference_id": "1720114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720114" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104273?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10166" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtjs-y7k7-r7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77572?format=api", "vulnerability_id": "VCID-jzhx-dfgg-37ct", "summary": "The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4297.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69276", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69316", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4297", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4297" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006505", "reference_id": "1006505", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006505" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104221?format=api", "purl": "pkg:deb/debian/libvirt@1.1.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzhx-dfgg-37ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77611?format=api", "vulnerability_id": "VCID-k2ku-9mx2-b3a9", "summary": "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18046", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277121", "reference_id": "1277121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277121" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273", "reference_id": "808273", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273" }, { "reference_url": "https://security.gentoo.org/glsa/201612-10", "reference_id": "GLSA-201612-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2577", "reference_id": "RHSA-2016:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2577" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104255?format=api", "purl": "pkg:deb/debian/libvirt@1.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.3.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5313" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ku-9mx2-b3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5888?format=api", "vulnerability_id": "VCID-kjnb-e6nd-wudn", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10703", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72162", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72203", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816650", "reference_id": "1816650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816650" }, { "reference_url": "https://security.archlinux.org/AVG-1174", "reference_id": "AVG-1174", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4000", "reference_id": "RHSA-2020:4000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" }, { "reference_url": "https://usn.ubuntu.com/4371-1/", "reference_id": "USN-4371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4371-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104278?format=api", "purl": "pkg:deb/debian/libvirt@6.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@6.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": 
"pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-10703" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjnb-e6nd-wudn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77564?format=api", "vulnerability_id": "VCID-kn2h-kurp-pbcc", "summary": "The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving \"multiple events registration.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2230.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69276", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": 
"epss", "scoring_elements": "0.69316", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2230" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715559", "reference_id": "715559", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715559" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=981476", "reference_id": "981476", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104218?format=api", "purl": "pkg:deb/debian/libvirt@1.1.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2230" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kn2h-kurp-pbcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77568?format=api", "vulnerability_id": "VCID-kqsz-xg9j-ukeu", "summary": "The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4239.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69276", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69316", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4239" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719533", "reference_id": "719533", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719533" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996241", "reference_id": "996241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996241" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104220?format=api", "purl": "pkg:deb/debian/libvirt@1.1.2~rc1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.2~rc1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4239" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsz-xg9j-ukeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77599?format=api", "vulnerability_id": "VCID-kta6-5pt1-27at", "summary": "The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59385", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59436", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172569", "reference_id": "1172569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172569" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858", "reference_id": "773858", "reference_type": 
"", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858" }, { "reference_url": "https://security.gentoo.org/glsa/201412-36", "reference_id": "GLSA-201412-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104246?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8131" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kta6-5pt1-27at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=api", "vulnerability_id": "VCID-mtgm-vqw9-1ubf", "summary": "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40973", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20485" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740", "reference_id": "1809740", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1809740" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078", "reference_id": "953078", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4000", "reference_id": "RHSA-2020:4000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104278?format=api", "purl": "pkg:deb/debian/libvirt@6.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@6.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-20485" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtgm-vqw9-1ubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77645?format=api", "vulnerability_id": "VCID-mw8d-1bcc-p7e5", "summary": "A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2700.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2700.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12948", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2700" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036297", "reference_id": "1036297", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036297" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653", "reference_id": "2203653", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:55:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653" }, { "reference_url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306", "reference_id": "6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:55:49Z/" } ], "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2700", "reference_id": "CVE-2023-2700", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:55:49Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2700" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/", "reference_id": "EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:55:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/" }, { "reference_url": "https://security.gentoo.org/glsa/202412-16", "reference_id": "GLSA-202412-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-16" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0001/", "reference_id": "ntap-20230706-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:55:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3715", "reference_id": "RHSA-2023:3715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3822", "reference_id": "RHSA-2023:3822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4799", "reference_id": "RHSA-2023:4799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4799" }, { "reference_url": "https://usn.ubuntu.com/6126-1/", "reference_id": "USN-6126-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/6126-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104294?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2700" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mw8d-1bcc-p7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77634?format=api", "vulnerability_id": "VCID-myg3-46rj-3qax", "summary": "A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47648", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47712", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163", "reference_id": "1819163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841", "reference_id": "955841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104286?format=api", "purl": "pkg:deb/debian/libvirt@6.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@6.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-10701" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myg3-46rj-3qax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77591?format=api", "vulnerability_id": "VCID-mzv1-uhwm-fqd2", "summary": "The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7336.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7336.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20999", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21073", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7336" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7336" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620", "reference_id": "1077620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620" }, { "reference_url": 
"https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://usn.ubuntu.com/2209-1/", "reference_id": "USN-2209-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2209-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104223?format=api", "purl": "pkg:deb/debian/libvirt@1.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7336" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzv1-uhwm-fqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77622?format=api", "vulnerability_id": "VCID-n2nm-knaw-gkgx", "summary": "libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748, which affects the QEMU monitor; the issue can now also be triggered via the QEMU guest agent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80923", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80952", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, {
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672", "reference_id": "1550672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1396", "reference_id": "RHSA-2018:1396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1929", "reference_id": "RHSA-2018:1929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1929" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104262?format=api", "purl": "pkg:deb/debian/libvirt@4.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@4.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1064" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2nm-knaw-gkgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77589?format=api", "vulnerability_id": "VCID-p3ja-7zqb-mybj", "summary": "The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6457.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6457.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33032", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33135", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6457" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048629", "reference_id": "1048629", "reference_type": "", "scores": [], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048629" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://usn.ubuntu.com/2093-1/", "reference_id": "USN-2093-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2093-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104230?format=api", "purl": "pkg:deb/debian/libvirt@1.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6457" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3ja-7zqb-mybj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77626?format=api", "vulnerability_id": "VCID-pqyk-2c8e-5yh5", "summary": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49462", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49525", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720115", "reference_id": "1720115", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720115" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1578", "reference_id": "RHSA-2019:1578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1578" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/4047-1/" }, { "reference_url": "https://usn.ubuntu.com/4047-2/", "reference_id": "USN-4047-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104273?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10161" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqyk-2c8e-5yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7269?format=api", "vulnerability_id": "VCID-psr7-vapd-6udz", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20917", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2", "reference_id": "15073504dbb624d3f6c911e85557019d3620fdb2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": 
"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2" }, { "reference_url": "https://gitlab.com/libvirt/libvirt/-/issues/153", "reference_id": "153", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://gitlab.com/libvirt/libvirt/-/issues/153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726", "reference_id": "1977726", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709", "reference_id": "990709", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709" }, { "reference_url": "https://security.archlinux.org/AVG-2124", "reference_id": "AVG-2124", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2124" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220331-0010/", "reference_id": 
"ntap-20220331-0010", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220331-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3631", "reference_id": "RHSA-2021:3631", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3703", "reference_id": "RHSA-2021:3703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3704", "reference_id": "RHSA-2021:3704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4191", "reference_id": "RHSA-2021:4191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4191" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104291?format=api", "purl": "pkg:deb/debian/libvirt@7.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3631" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psr7-vapd-6udz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77644?format=api", "vulnerability_id": "VCID-q2ng-jgm7-8uc9", "summary": "A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. 
This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23204", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23286", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075", "reference_id": "1009075", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883", "reference_id": "2063883", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/" } ], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7472", "reference_id": "RHSA-2022:7472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8003", "reference_id": "RHSA-2022:8003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8003" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" }, { "reference_url": "https://usn.ubuntu.com/6126-1/", "reference_id": "USN-6126-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6126-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104293?format=api", 
"purl": "pkg:deb/debian/libvirt@8.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@8.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-0897" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ng-jgm7-8uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77552?format=api", "vulnerability_id": "VCID-q38b-cmvy-gybh", "summary": "libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than 
CVE-2008-5086.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01556", "scoring_system": "epss", "scoring_elements": "0.81779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01556", "scoring_system": "epss", "scoring_elements": "0.81813", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773", "reference_id": "617773", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650", "reference_id": "683650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0391", "reference_id": "RHSA-2011:0391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0391" }, { "reference_url": "https://usn.ubuntu.com/1094-1/", "reference_id": "USN-1094-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1094-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104199?format=api", "purl": 
"pkg:deb/debian/libvirt@0.8.8-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.8-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q38b-cmvy-gybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77569?format=api", "vulnerability_id": "VCID-qpvd-b2ru-d7a3", "summary": "The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, 
when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4291.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1466", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14733", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4291" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509", "reference_id": "1006509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104221?format=api", "purl": "pkg:deb/debian/libvirt@1.1.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", 
"purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpvd-b2ru-d7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77570?format=api", "vulnerability_id": "VCID-qtct-kbdm-z7ed", "summary": "libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4292.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00068", 
"scoring_system": "epss", "scoring_elements": "0.21231", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4292" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002666", "reference_id": "1002666", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002666" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721325", "reference_id": "721325", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721325" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104222?format=api", "purl": "pkg:deb/debian/libvirt@1.1.2~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.2~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4292" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtct-kbdm-z7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77565?format=api", "vulnerability_id": "VCID-qw96-udhq-q7b6", "summary": "Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the \"virsh vcpucount dom --guest\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4153.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70998", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.7104", "published_at": "2026-06-05T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2013-4153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4153" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717354", "reference_id": "717354", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=986383", "reference_id": "986383", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986383" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104219?format=api", "purl": "pkg:deb/debian/libvirt@1.1.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4153" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw96-udhq-q7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3904?format=api", "vulnerability_id": "VCID-r61c-726k-bfh5", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30936", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31003", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037", "reference_id": "1881037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555", "reference_id": "971555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555" }, { "reference_url": "https://security.archlinux.org/ASA-202101-42", "reference_id": "ASA-202101-42", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-42" }, { "reference_url": "https://security.archlinux.org/AVG-1240", "reference_id": "AVG-1240", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1240" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5040", "reference_id": "RHSA-2020:5040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5111", "reference_id": "RHSA-2020:5111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1762", "reference_id": "RHSA-2021:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1762" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/104290?format=api", "purl": "pkg:deb/debian/libvirt@6.8.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@6.8.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25637" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r61c-726k-bfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77638?format=api", "vulnerability_id": "VCID-rk28-atvy-tug1", "summary": "Ubuntu's 
packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35708", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35804", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866270", "reference_id": "1866270", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866270" }, { "reference_url": "https://usn.ubuntu.com/4452-1/", "reference_id": "USN-4452-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4452-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15708" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rk28-atvy-tug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77578?format=api", "vulnerability_id": "VCID-rrcc-k1cq-5ugw", "summary": "virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4400.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16795", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16876", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4400" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228", "reference_id": "1015228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101", "reference_id": "727101", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104223?format=api", "purl": "pkg:deb/debian/libvirt@1.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrcc-k1cq-5ugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77561?format=api", "vulnerability_id": "VCID-swqk-4gu6-nkdq", "summary": "libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1766.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2013-1766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17823", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649", "reference_id": "701649", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=915718", "reference_id": "915718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915718" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104213?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swqk-4gu6-nkdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77633?format=api", "vulnerability_id": "VCID-t296-efx6-1yba", "summary": "An incorrect permissions check was discovered in libvirt 4.8.0 and above. 
The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64617", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64658", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694880", "reference_id": "1694880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694880" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418", "reference_id": "926418", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418" }, { "reference_url": 
"https://usn.ubuntu.com/4021-1/", "reference_id": "USN-4021-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4021-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104283?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-3886" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-t296-efx6-1yba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77624?format=api", "vulnerability_id": "VCID-t414-nm3b-cfev", "summary": "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11203", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541444", "reference_id": "1541444", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1541444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839", "reference_id": "889839", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839" }, { "reference_url": "https://security.gentoo.org/glsa/201804-07", "reference_id": "GLSA-201804-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3113", "reference_id": "RHSA-2018:3113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3113" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104267?format=api", "purl": "pkg:deb/debian/libvirt@4.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@4.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": 
"pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-6764" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t414-nm3b-cfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77607?format=api", "vulnerability_id": "VCID-tk2g-6m19-yqg3", "summary": "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34632", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", "reference_id": "1245647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111", "reference_id": "796111", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2577", "reference_id": "RHSA-2016:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104251?format=api", "purl": "pkg:deb/debian/libvirt@2.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@2.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5160" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2g-6m19-yqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77557?format=api", "vulnerability_id": "VCID-trpf-3d81-r3g8", "summary": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2693.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18727", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18805", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2693" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496", "reference_id": "677496", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831164", "reference_id": "831164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0748", "reference_id": "RHSA-2012:0748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0127", "reference_id": "RHSA-2013:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104207?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2693" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trpf-3d81-r3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77590?format=api", "vulnerability_id": "VCID-u1x7-9n1d-8qb3", "summary": "Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6458.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75943", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75969", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048631", "reference_id": "1048631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048631" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734556", "reference_id": "734556", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734556" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0103", "reference_id": "RHSA-2014:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0103" }, { "reference_url": "https://usn.ubuntu.com/2093-1/", "reference_id": "USN-2093-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2093-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104230?format=api", "purl": "pkg:deb/debian/libvirt@1.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6458" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1x7-9n1d-8qb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77646?format=api", "vulnerability_id": "VCID-ujup-1ktj-47ax", "summary": "A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. 
This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31007", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041811", "reference_id": "1041811", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041811" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210", "reference_id": "2222210", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:10:30Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": 
"cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3750", "reference_id": "CVE-2023-3750", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:10:30Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3750" }, { "reference_url": "https://security.gentoo.org/glsa/202412-16", "reference_id": "GLSA-202412-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6409", "reference_id": "RHSA-2023:6409", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T17:10:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6409" }, { "reference_url": "https://usn.ubuntu.com/6253-1/", "reference_id": "USN-6253-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6253-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104295?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104296?format=api", "purl": "pkg:deb/debian/libvirt@9.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-3750" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujup-1ktj-47ax" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/77581?format=api", "vulnerability_id": "VCID-urzt-z32b-97dp", "summary": "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4401.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81214", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81242", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259", "reference_id": "1015259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101", "reference_id": "727101", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": 
"https://usn.ubuntu.com/2026-1/", "reference_id": "USN-2026-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2026-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104223?format=api", "purl": "pkg:deb/debian/libvirt@1.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4401" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-urzt-z32b-97dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77629?format=api", "vulnerability_id": "VCID-v25d-upc8-wfh4", "summary": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37414", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720117", "reference_id": "1720117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720117" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104273?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": 
"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v25d-upc8-wfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77597?format=api", "vulnerability_id": "VCID-vsx2-9wna-nuf2", "summary": "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) 
virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29631", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.297", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290", "reference_id": "1088290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0914", "reference_id": "RHSA-2014:0914", "reference_type": 
"", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0914" }, { "reference_url": "https://usn.ubuntu.com/2366-1/", "reference_id": "USN-2366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104234?format=api", "purl": "pkg:deb/debian/libvirt@1.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-5177" ], "risk_score": null, "exploitability": 
"0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsx2-9wna-nuf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77555?format=api", "vulnerability_id": "VCID-weet-hgv1-7bb9", "summary": "Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03415", "scoring_system": "epss", "scoring_elements": "0.8766", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03415", "scoring_system": "epss", "scoring_elements": "0.87681", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630", "reference_id": "633630", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=717199", "reference_id": "717199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717199" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2011:1019", "reference_id": "RHSA-2011:1019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1197", "reference_id": "RHSA-2011:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1197" }, { "reference_url": "https://usn.ubuntu.com/1180-1/", "reference_id": "USN-1180-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1180-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104204?format=api", "purl": "pkg:deb/debian/libvirt@0.9.2-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.2-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2511" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-weet-hgv1-7bb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77650?format=api", "vulnerability_id": "VCID-wtyd-7ppt-23cj", "summary": "A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2496" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269672", "reference_id": "2269672", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269672" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": 
"cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2496", "reference_id": "CVE-2024-2496", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2236", "reference_id": "RHSA-2024:2236", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2236" }, { "reference_url": "https://usn.ubuntu.com/6734-1/", "reference_id": "USN-6734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-1/" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104295?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104299?format=api", "purl": "pkg:deb/debian/libvirt@9.8.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.8.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ 
"CVE-2024-2496" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-7ppt-23cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77608?format=api", "vulnerability_id": "VCID-x248-nq74-wbbs", "summary": "The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60351", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60398", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259350", "reference_id": "1259350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259350" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132", "reference_id": "799132", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": 
[], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104254?format=api", "purl": "pkg:deb/debian/libvirt@1.2.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.20-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5247" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x248-nq74-wbbs" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/77549?format=api", "vulnerability_id": "VCID-xkb6-5bav-f7ep", "summary": "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2238.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2238.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21675", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2238" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811", "reference_id": "607811", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811" }, { "reference_url": "https://usn.ubuntu.com/1008-1/", "reference_id": "USN-1008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1008-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104195?format=api", "purl": "pkg:deb/debian/libvirt@0.8.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-1%3Fdistro=trixie" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2238" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkb6-5bav-f7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77559?format=api", "vulnerability_id": "VCID-xkb7-cjga-pybw", "summary": "The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a \"gap\" in the RPC dispatch table.", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4423.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4423.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86538", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.8656", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4423" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687598", "reference_id": "687598", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687598" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=857133", "reference_id": "857133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1359", "reference_id": "RHSA-2012:1359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1359" }, { "reference_url": "https://usn.ubuntu.com/1708-1/", "reference_id": "USN-1708-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1708-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104210?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12-5%3Fdistro=trixie" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4423" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkb7-cjga-pybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77556?format=api", "vulnerability_id": "VCID-xxtc-8yjh-73h8", "summary": "The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4600.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4600.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57769", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57821", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4600" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=765964", "reference_id": "765964", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=765964" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104205?format=api", "purl": "pkg:deb/debian/libvirt@0.9.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4600" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxtc-8yjh-73h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77547?format=api", "vulnerability_id": "VCID-y435-b4r1-ekdg", "summary": "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0036.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0036.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0036", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50386", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50447", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947", "reference_id": "484947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/8534.c", "reference_id": "CVE-2009-0036;OSVDB-51866", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/8534.c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0382", "reference_id": "RHSA-2009:0382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0382" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104194?format=api", "purl": "pkg:deb/debian/libvirt@0.5.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.5.1-7%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0036" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y435-b4r1-ekdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77593?format=api", "vulnerability_id": "VCID-yb4y-39u3-eufg", "summary": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML 
External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28286", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28358", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290", "reference_id": "1088290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0560", "reference_id": "RHSA-2014:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0914", "reference_id": "RHSA-2014:0914", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0914" }, { "reference_url": "https://usn.ubuntu.com/2366-1/", "reference_id": "USN-2366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104234?format=api", "purl": "pkg:deb/debian/libvirt@1.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0179" ], "risk_score": null, "exploitability": "0.5", 
"weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4y-39u3-eufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77553?format=api", "vulnerability_id": "VCID-yhk7-v8zt-hbev", "summary": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75393", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1486" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222", "reference_id": "623222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391", "reference_id": "693391", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2011:0478", "reference_id": "RHSA-2011:0478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0479", "reference_id": "RHSA-2011:0479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0479" }, { "reference_url": "https://usn.ubuntu.com/1152-1/", "reference_id": "USN-1152-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1152-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104200?format=api", "purl": "pkg:deb/debian/libvirt@0.9.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", 
"purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1486" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhk7-v8zt-hbev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77558?format=api", "vulnerability_id": "VCID-ys1x-s4vn-tffu", "summary": "The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3445.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3445.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80232", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80257", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683483", "reference_id": "683483", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683483" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734", "reference_id": "844734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1202", "reference_id": "RHSA-2012:1202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1202" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104208?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3445" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ys1x-s4vn-tffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77637?format=api", "vulnerability_id": "VCID-yug2-qf4t-wfcc", "summary": "An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65923", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65975", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14301" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640", "reference_id": "1848640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" 
} ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104215?format=api", "purl": "pkg:deb/debian/libvirt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14301" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yug2-qf4t-wfcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77560?format=api", "vulnerability_id": "VCID-yxud-sjwj-afh1", 
"summary": "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0170.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2022", "scoring_system": "epss", "scoring_elements": "0.95622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2022", "scoring_system": "epss", "scoring_elements": "0.95627", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699224", "reference_id": "699224", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699224" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450", "reference_id": "893450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450" }, { "reference_url": "https://security.gentoo.org/glsa/201309-18", "reference_id": "GLSA-201309-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-18" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2013:0199", "reference_id": "RHSA-2013:0199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0199" }, { "reference_url": "https://usn.ubuntu.com/1708-1/", "reference_id": "USN-1708-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1708-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104212?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0170" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxud-sjwj-afh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77618?format=api", "vulnerability_id": "VCID-ztu1-8yz5-tyc6", "summary": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73951", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503658", "reference_id": "1503658", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799", "reference_id": "878799", "reference_type": "", "scores": 
[], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104258?format=api", "purl": "pkg:deb/debian/libvirt@3.8.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.8.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104191?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104189?format=api", "purl": "pkg:deb/debian/libvirt@9.0.0-4%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@9.0.0-4%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104193?format=api", "purl": "pkg:deb/debian/libvirt@11.3.0-3%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104192?format=api", "purl": "pkg:deb/debian/libvirt@12.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000256" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztu1-8yz5-tyc6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@12.3.0-1%3Fdistro=trixie" }