Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/6323?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "type": "deb", "namespace": "debian", "name": "libvirt", "version": "1.2.9-9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "11.3.0-2~bpo12+1", "latest_non_vulnerable_version": "11.3.0-2~bpo12+1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77648?format=api", "vulnerability_id": "VCID-4sf9-8j9p-3fgz", "summary": "An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17875", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17871", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058", "reference_id": "1066058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263841", "reference_id": "2263841", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263841" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1441", "reference_id": "CVE-2024-1441", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2560", "reference_id": "RHSA-2024:2560", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2560" }, { "reference_url": "https://usn.ubuntu.com/6734-1/", "reference_id": "USN-6734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-1/" }, { "reference_url": "https://usn.ubuntu.com/6734-2/", "reference_id": "USN-6734-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2024-1441" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf9-8j9p-3fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77642?format=api", "vulnerability_id": "VCID-53fz-t4zs-7kbk", "summary": "A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69698", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69738", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69746", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326", "reference_id": "2024326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1759", "reference_id": "RHSA-2022:1759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1759" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3975" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53fz-t4zs-7kbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77636?format=api", "vulnerability_id": "VCID-6pj3-mq9g-yye9", "summary": "An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72797", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00717", "scoring_system": "epss", "scoring_elements": "0.72805", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190", "reference_id": "1828190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447", "reference_id": "959447", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447" }, { "reference_url": "https://usn.ubuntu.com/4371-1/", "reference_id": "USN-4371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4371-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12430" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pj3-mq9g-yye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77621?format=api", "vulnerability_id": "VCID-75av-3nr7-bkh1", "summary": "A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55535", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55592", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55597", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427090", "reference_id": "1427090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427090" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313", "reference_id": "856313", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" } ], "aliases": [ "CVE-2017-2635" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75av-3nr7-bkh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77632?format=api", "vulnerability_id": "VCID-8u2b-ad6e-ukaw", "summary": "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72589", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72629", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72636", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665228", "reference_id": "1665228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2294", "reference_id": "RHSA-2019:2294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2294" }, { "reference_url": "https://usn.ubuntu.com/3909-1/", "reference_id": "USN-3909-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3909-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3840" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2b-ad6e-ukaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5836?format=api", "vulnerability_id": "VCID-abdh-e635-17cp", "summary": "privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4141", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41486", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41491", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069", "reference_id": "1860069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563", "reference_id": "966563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563" }, { "reference_url": "https://security.archlinux.org/ASA-202009-8", "reference_id": "ASA-202009-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-8" }, { "reference_url": "https://security.archlinux.org/AVG-1232", "reference_id": "AVG-1232", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1232" }, { "reference_url": "https://security.gentoo.org/glsa/202101-22", "reference_id": "GLSA-202101-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-22" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3586", "reference_id": "RHSA-2020:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14339" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abdh-e635-17cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77614?format=api", "vulnerability_id": "VCID-bes6-jjfw-tbdx", "summary": "libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67469", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.6751", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67517", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705507", "reference_id": "1705507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705507" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" } ], "aliases": [ "CVE-2016-10746" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bes6-jjfw-tbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77625?format=api", "vulnerability_id": "VCID-bzyu-42js-e3e6", "summary": "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79967", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79972", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10132" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706067", "reference_id": "1706067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706067" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334", "reference_id": "929334", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1264", "reference_id": "RHSA-2019:1264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1268", "reference_id": "RHSA-2019:1268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1455", "reference_id": "RHSA-2019:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "reference_url": "https://usn.ubuntu.com/4021-1/", "reference_id": "USN-4021-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4021-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10132" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyu-42js-e3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77623?format=api", "vulnerability_id": "VCID-cf81-wpvh-kqa2", "summary": "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01494", "scoring_system": "epss", "scoring_elements": "0.81405", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01494", "scoring_system": "epss", "scoring_elements": "0.81432", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01494", "scoring_system": "epss", "scoring_elements": "0.81435", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528396", "reference_id": "1528396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528396" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700", "reference_id": "887700", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700" }, { "reference_url": "https://security.gentoo.org/glsa/201804-07", "reference_id": "GLSA-201804-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-07" }, { "reference_url": "https://security.gentoo.org/glsa/201804-08", "reference_id": "GLSA-201804-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1396", "reference_id": "RHSA-2018:1396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1929", "reference_id": "RHSA-2018:1929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1929" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-5748" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cf81-wpvh-kqa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77643?format=api", "vulnerability_id": "VCID-cjpk-feb2-zqds", "summary": "A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23267", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23351", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23336", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535", "reference_id": "1002535", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195", "reference_id": "2034195", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2021-4147" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpk-feb2-zqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77630?format=api", "vulnerability_id": "VCID-etr9-c84d-vuhr", "summary": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45272", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4534", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45345", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720118", "reference_id": "1720118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720118" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10168" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-etr9-c84d-vuhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77649?format=api", "vulnerability_id": "VCID-gneu-b3qk-q7e4", "summary": "A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07697", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07709", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461", "reference_id": "1067461", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270115", "reference_id": "2270115", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270115" }, { "reference_url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/", "reference_id": "BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2494", "reference_id": "CVE-2024-2494", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2494" }, { "reference_url": "https://security.gentoo.org/glsa/202412-16", "reference_id": "GLSA-202412-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2560", "reference_id": "RHSA-2024:2560", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3253", "reference_id": "RHSA-2024:3253", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3253" }, { "reference_url": "https://usn.ubuntu.com/6734-1/", "reference_id": "USN-6734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-1/" }, { "reference_url": "https://usn.ubuntu.com/6734-2/", "reference_id": "USN-6734-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2024-2494" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gneu-b3qk-q7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77616?format=api", "vulnerability_id": "VCID-j5b5-zjxe-ffhu", "summary": "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84448", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84472", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02119", "scoring_system": "epss", "scoring_elements": "0.84475", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351514", "reference_id": "1351514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2577", "reference_id": "RHSA-2016:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2577" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6325?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" } ], "aliases": [ "CVE-2016-5008" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5b5-zjxe-ffhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77641?format=api", "vulnerability_id": "VCID-j71z-t8bh-wbb4", "summary": "An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63292", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.633", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094", "reference_id": "1986094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594", "reference_id": "991594", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594" }, { "reference_url": "https://security.archlinux.org/AVG-2230", "reference_id": "AVG-2230", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2230" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3703", "reference_id": "RHSA-2021:3703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3704", "reference_id": "RHSA-2021:3704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4191", "reference_id": "RHSA-2021:4191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4191" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3667" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j71z-t8bh-wbb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77628?format=api", "vulnerability_id": "VCID-jtjs-y7k7-r7ae", "summary": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33654", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33755", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33768", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720114", "reference_id": "1720114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720114" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10166" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtjs-y7k7-r7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77611?format=api", "vulnerability_id": "VCID-k2ku-9mx2-b3a9", "summary": "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18046", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277121", "reference_id": "1277121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277121" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273", "reference_id": "808273", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273" }, { "reference_url": "https://security.gentoo.org/glsa/201612-10", "reference_id": "GLSA-201612-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2577", "reference_id": "RHSA-2016:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2577" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" } ], "aliases": [ "CVE-2015-5313" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ku-9mx2-b3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5888?format=api", "vulnerability_id": "VCID-kjnb-e6nd-wudn", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10703", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72162", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72203", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7221", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816650", "reference_id": "1816650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816650" }, { "reference_url": "https://security.archlinux.org/AVG-1174", "reference_id": "AVG-1174", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4000", "reference_id": "RHSA-2020:4000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" }, { "reference_url": "https://usn.ubuntu.com/4371-1/", "reference_id": "USN-4371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4371-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2020-10703" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjnb-e6nd-wudn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=api", "vulnerability_id": "VCID-mtgm-vqw9-1ubf", "summary": "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40973", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40977", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20485" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740", "reference_id": "1809740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078", "reference_id": "953078", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4000", "reference_id": "RHSA-2020:4000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4676", "reference_id": "RHSA-2020:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4676" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2019-20485" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtgm-vqw9-1ubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77634?format=api", "vulnerability_id": "VCID-myg3-46rj-3qax", "summary": "A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47648", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47712", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47713", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163", "reference_id": "1819163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841", "reference_id": "955841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2020-10701" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myg3-46rj-3qax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77622?format=api", "vulnerability_id": "VCID-n2nm-knaw-gkgx", "summary": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80923", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80952", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80954", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672", "reference_id": "1550672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1396", "reference_id": "RHSA-2018:1396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1929", "reference_id": "RHSA-2018:1929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1929" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6325?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6327?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1064" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2nm-knaw-gkgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77626?format=api", "vulnerability_id": "VCID-pqyk-2c8e-5yh5", "summary": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49462", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49525", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49536", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720115", "reference_id": "1720115", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720115" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1578", "reference_id": "RHSA-2019:1578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1578" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" }, { "reference_url": "https://usn.ubuntu.com/4047-2/", "reference_id": "USN-4047-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6327?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10161" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqyk-2c8e-5yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7269?format=api", "vulnerability_id": "VCID-psr7-vapd-6udz", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20917", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20903", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2", "reference_id": "15073504dbb624d3f6c911e85557019d3620fdb2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2" }, { "reference_url": "https://gitlab.com/libvirt/libvirt/-/issues/153", "reference_id": "153", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://gitlab.com/libvirt/libvirt/-/issues/153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726", "reference_id": "1977726", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709", "reference_id": "990709", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709" }, { "reference_url": "https://security.archlinux.org/AVG-2124", "reference_id": "AVG-2124", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2124" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220331-0010/", "reference_id": "ntap-20220331-0010", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220331-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3631", "reference_id": "RHSA-2021:3631", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3703", "reference_id": "RHSA-2021:3703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3704", "reference_id": "RHSA-2021:3704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4191", "reference_id": "RHSA-2021:4191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4191" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3631" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psr7-vapd-6udz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77644?format=api", "vulnerability_id": "VCID-q2ng-jgm7-8uc9", "summary": "A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23204", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23271", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23286", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075", "reference_id": "1009075", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883", "reference_id": "2063883", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/" } ], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7472", "reference_id": "RHSA-2022:7472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8003", "reference_id": "RHSA-2022:8003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8003" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" }, { "reference_url": "https://usn.ubuntu.com/6126-1/", "reference_id": "USN-6126-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6126-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2022-0897" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ng-jgm7-8uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3904?format=api", "vulnerability_id": "VCID-r61c-726k-bfh5", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30936", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31003", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30971", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037", "reference_id": "1881037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555", "reference_id": "971555", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555" }, { "reference_url": "https://security.archlinux.org/ASA-202101-42", "reference_id": "ASA-202101-42", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-42" }, { "reference_url": "https://security.archlinux.org/AVG-1240", "reference_id": "AVG-1240", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1240" }, { "reference_url": "https://security.gentoo.org/glsa/202210-06", "reference_id": "GLSA-202210-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5040", "reference_id": "RHSA-2020:5040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5111", "reference_id": "RHSA-2020:5111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1762", "reference_id": "RHSA-2021:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1762" }, { "reference_url": "https://usn.ubuntu.com/5399-1/", "reference_id": "USN-5399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2020-25637" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r61c-726k-bfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77633?format=api", "vulnerability_id": "VCID-t296-efx6-1yba", "summary": "An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64617", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64658", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64668", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694880", "reference_id": "1694880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694880" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418", "reference_id": "926418", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418" }, { "reference_url": "https://usn.ubuntu.com/4021-1/", "reference_id": "USN-4021-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4021-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3886" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t296-efx6-1yba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77624?format=api", "vulnerability_id": "VCID-t414-nm3b-cfev", "summary": "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11203", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11198", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541444", "reference_id": "1541444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839", "reference_id": "889839", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839" }, { "reference_url": "https://security.gentoo.org/glsa/201804-07", "reference_id": "GLSA-201804-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3113", "reference_id": "RHSA-2018:3113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3113" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-6764" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t414-nm3b-cfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77607?format=api", "vulnerability_id": "VCID-tk2g-6m19-yqg3", "summary": "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34632", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34648", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", "reference_id": "1245647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111", "reference_id": "796111", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2577", "reference_id": "RHSA-2016:2577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" } ], "aliases": [ "CVE-2015-5160" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2g-6m19-yqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77629?format=api", "vulnerability_id": "VCID-v25d-upc8-wfh4", "summary": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37414", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3742", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720117", "reference_id": "1720117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720117" }, { "reference_url": "https://security.gentoo.org/glsa/202003-18", "reference_id": "GLSA-202003-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1579", "reference_id": "RHSA-2019:1579", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1580", "reference_id": "RHSA-2019:1580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1699", "reference_id": "RHSA-2019:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1762", "reference_id": "RHSA-2019:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1762" }, { "reference_url": "https://usn.ubuntu.com/4047-1/", "reference_id": "USN-4047-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4047-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6327?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v25d-upc8-wfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77650?format=api", "vulnerability_id": "VCID-wtyd-7ppt-23cj", "summary": "A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18729", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18731", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2496" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269672", "reference_id": "2269672", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269672" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8", "reference_id": "cpe:/a:redhat:advanced_virtualization:8::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2496", "reference_id": "CVE-2024-2496", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2236", "reference_id": "RHSA-2024:2236", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2236" }, { "reference_url": "https://usn.ubuntu.com/6734-1/", "reference_id": "USN-6734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6734-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6329?format=api", "purl": "pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gt15-erjf-tucj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3" } ], "aliases": [ "CVE-2024-2496" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-7ppt-23cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77608?format=api", "vulnerability_id": "VCID-x248-nq74-wbbs", "summary": "The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60351", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60398", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60401", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259350", "reference_id": "1259350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259350" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132", "reference_id": "799132", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" } ], "aliases": [ "CVE-2015-5247" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x248-nq74-wbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77618?format=api", "vulnerability_id": "VCID-ztu1-8yz5-tyc6", "summary": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73951", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73955", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503658", "reference_id": "1503658", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799", "reference_id": "878799", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799" }, { "reference_url": "https://usn.ubuntu.com/3576-1/", "reference_id": "USN-3576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6326?format=api", "purl": "pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6328?format=api", "purl": "pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1" } ], "aliases": [ "CVE-2017-1000256" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztu1-8yz5-tyc6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77598?format=api", "vulnerability_id": "VCID-522f-y6qx-nfhn", "summary": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67592", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67633", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.6764", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160817", "reference_id": "1160817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160817" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149", "reference_id": "769149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1873", "reference_id": "RHSA-2014:1873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0008", "reference_id": "RHSA-2015:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0008" }, { "reference_url": "https://usn.ubuntu.com/2404-1/", "reference_id": "USN-2404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2404-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-7823" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-522f-y6qx-nfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77595?format=api", "vulnerability_id": "VCID-7ezn-r2xq-c7de", "summary": "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02862", "scoring_system": "epss", "scoring_elements": "0.86522", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02862", "scoring_system": "epss", "scoring_elements": "0.86545", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141131", "reference_id": "1141131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141131" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203", "reference_id": "762203", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1352", "reference_id": "RHSA-2014:1352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1873", "reference_id": "RHSA-2014:1873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1873" }, { "reference_url": "https://usn.ubuntu.com/2366-1/", "reference_id": "USN-2366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6320?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-522f-y6qx-nfhn" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-5th2-yymu-x7hm" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-7ezn-r2xq-c7de" }, { "vulnerability": "VCID-7ks5-8e2n-tua4" }, { "vulnerability": "VCID-8fmd-jdpb-v7eb" }, { "vulnerability": "VCID-8frc-fhvs-bucm" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-8wxg-1wr8-rfca" }, { "vulnerability": "VCID-9cft-v9u9-fubh" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bw47-fewt-2fax" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-db3h-q8fp-b3ds" }, { "vulnerability": "VCID-dqys-qxtq-7yd9" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-g2pc-1es2-3qer" }, { "vulnerability": "VCID-g3k9-1rc3-xfhu" }, { "vulnerability": "VCID-g59s-kpjm-dbbg" }, { "vulnerability": "VCID-g94m-69qv-8kgk" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-h8hd-mdcx-tben" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-jzhx-dfgg-37ct" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-kn2h-kurp-pbcc" }, { "vulnerability": "VCID-kqsz-xg9j-ukeu" }, { "vulnerability": "VCID-kta6-5pt1-27at" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-mzv1-uhwm-fqd2" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-p3ja-7zqb-mybj" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-qpvd-b2ru-d7a3" }, { "vulnerability": "VCID-qtct-kbdm-z7ed" }, { "vulnerability": "VCID-qw96-udhq-q7b6" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-rrcc-k1cq-5ugw" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-u1x7-9n1d-8qb3" }, { "vulnerability": "VCID-urzt-z32b-97dp" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-vsx2-9wna-nuf2" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-yb4y-39u3-eufg" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-3633" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ezn-r2xq-c7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77606?format=api", "vulnerability_id": "VCID-8wxg-1wr8-rfca", "summary": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66071", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:M/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431", "reference_id": "1184431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065", "reference_id": "776065", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0323", "reference_id": "RHSA-2015:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0323" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2015-0236" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wxg-1wr8-rfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77604?format=api", "vulnerability_id": "VCID-9cft-v9u9-fubh", "summary": "The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25071", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25167", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25154", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176176", "reference_id": "1176176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856", "reference_id": "773856", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856" }, { "reference_url": "https://security.gentoo.org/glsa/201412-36", "reference_id": "GLSA-201412-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0323", "reference_id": "RHSA-2015:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0323" }, { "reference_url": "https://usn.ubuntu.com/2867-1/", "reference_id": "USN-2867-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2867-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-8136" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9cft-v9u9-fubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77596?format=api", "vulnerability_id": "VCID-g59s-kpjm-dbbg", "summary": "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01284", "scoring_system": "epss", "scoring_elements": "0.79947", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01284", "scoring_system": "epss", "scoring_elements": "0.79973", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01284", "scoring_system": "epss", "scoring_elements": "0.79978", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145667", "reference_id": "1145667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1352", "reference_id": "RHSA-2014:1352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1873", "reference_id": "RHSA-2014:1873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1873" }, { "reference_url": "https://usn.ubuntu.com/2404-1/", "reference_id": "USN-2404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2404-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-3657" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g59s-kpjm-dbbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77601?format=api", "vulnerability_id": "VCID-g94m-69qv-8kgk", "summary": "The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2101", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20996", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176182", "reference_id": "1176182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176182" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855", "reference_id": "773855", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855" }, { "reference_url": "https://security.gentoo.org/glsa/201412-36", "reference_id": "GLSA-201412-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-8135" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g94m-69qv-8kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77599?format=api", "vulnerability_id": "VCID-kta6-5pt1-27at", "summary": "The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59385", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59436", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59439", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172569", "reference_id": "1172569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172569" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858", "reference_id": "773858", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858" }, { "reference_url": "https://security.gentoo.org/glsa/201412-36", "reference_id": "GLSA-201412-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-8131" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kta6-5pt1-27at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77597?format=api", "vulnerability_id": "VCID-vsx2-9wna-nuf2", "summary": "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29631", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.297", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29664", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290", "reference_id": "1088290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0914", "reference_id": "RHSA-2014:0914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0914" }, { "reference_url": "https://usn.ubuntu.com/2366-1/", "reference_id": "USN-2366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-5177" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsx2-9wna-nuf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77593?format=api", "vulnerability_id": "VCID-yb4y-39u3-eufg", "summary": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28286", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28309", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290", "reference_id": "1088290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290" }, { "reference_url": "https://security.gentoo.org/glsa/201412-04", "reference_id": "GLSA-201412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0560", "reference_id": "RHSA-2014:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0914", "reference_id": "RHSA-2014:0914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0914" }, { "reference_url": "https://usn.ubuntu.com/2366-1/", "reference_id": "USN-2366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6320?format=api", "purl": "pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-522f-y6qx-nfhn" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-5th2-yymu-x7hm" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-7ezn-r2xq-c7de" }, { "vulnerability": "VCID-7ks5-8e2n-tua4" }, { "vulnerability": "VCID-8fmd-jdpb-v7eb" }, { "vulnerability": "VCID-8frc-fhvs-bucm" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-8wxg-1wr8-rfca" }, { "vulnerability": "VCID-9cft-v9u9-fubh" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bw47-fewt-2fax" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-db3h-q8fp-b3ds" }, { "vulnerability": "VCID-dqys-qxtq-7yd9" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-g2pc-1es2-3qer" }, { "vulnerability": "VCID-g3k9-1rc3-xfhu" }, { "vulnerability": "VCID-g59s-kpjm-dbbg" }, { "vulnerability": "VCID-g94m-69qv-8kgk" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-h8hd-mdcx-tben" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-jzhx-dfgg-37ct" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-kn2h-kurp-pbcc" }, { "vulnerability": "VCID-kqsz-xg9j-ukeu" }, { "vulnerability": "VCID-kta6-5pt1-27at" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-mzv1-uhwm-fqd2" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-p3ja-7zqb-mybj" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-qpvd-b2ru-d7a3" }, { "vulnerability": "VCID-qtct-kbdm-z7ed" }, { "vulnerability": "VCID-qw96-udhq-q7b6" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-rrcc-k1cq-5ugw" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-u1x7-9n1d-8qb3" }, { "vulnerability": "VCID-urzt-z32b-97dp" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-vsx2-9wna-nuf2" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-yb4y-39u3-eufg" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6323?format=api", "purl": "pkg:deb/debian/libvirt@1.2.9-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sf9-8j9p-3fgz" }, { "vulnerability": "VCID-53fz-t4zs-7kbk" }, { "vulnerability": "VCID-6pj3-mq9g-yye9" }, { "vulnerability": "VCID-75av-3nr7-bkh1" }, { "vulnerability": "VCID-8u2b-ad6e-ukaw" }, { "vulnerability": "VCID-abdh-e635-17cp" }, { "vulnerability": "VCID-bes6-jjfw-tbdx" }, { "vulnerability": "VCID-bzyu-42js-e3e6" }, { "vulnerability": "VCID-cf81-wpvh-kqa2" }, { "vulnerability": "VCID-cjpk-feb2-zqds" }, { "vulnerability": "VCID-etr9-c84d-vuhr" }, { "vulnerability": "VCID-gneu-b3qk-q7e4" }, { "vulnerability": "VCID-j5b5-zjxe-ffhu" }, { "vulnerability": "VCID-j71z-t8bh-wbb4" }, { "vulnerability": "VCID-jtjs-y7k7-r7ae" }, { "vulnerability": "VCID-k2ku-9mx2-b3a9" }, { "vulnerability": "VCID-kjnb-e6nd-wudn" }, { "vulnerability": "VCID-mtgm-vqw9-1ubf" }, { "vulnerability": "VCID-myg3-46rj-3qax" }, { "vulnerability": "VCID-n2nm-knaw-gkgx" }, { "vulnerability": "VCID-pqyk-2c8e-5yh5" }, { "vulnerability": "VCID-psr7-vapd-6udz" }, { "vulnerability": "VCID-q2ng-jgm7-8uc9" }, { "vulnerability": "VCID-r61c-726k-bfh5" }, { "vulnerability": "VCID-t296-efx6-1yba" }, { "vulnerability": "VCID-t414-nm3b-cfev" }, { "vulnerability": "VCID-tk2g-6m19-yqg3" }, { "vulnerability": "VCID-v25d-upc8-wfh4" }, { "vulnerability": "VCID-wtyd-7ppt-23cj" }, { "vulnerability": "VCID-x248-nq74-wbbs" }, { "vulnerability": "VCID-ztu1-8yz5-tyc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" } ], "aliases": [ "CVE-2014-0179" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4y-39u3-eufg" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9" }