Lookup for vulnerable packages by Package URL.
| Purl | pkg:ebuild/app-emulation/libvirt@0.9.3-r1 |
|---|
| Type | ebuild |
|---|
| Namespace | app-emulation |
|---|
| Name | libvirt |
|---|
| Version | 0.9.3-r1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 0.21 |
|---|
| Latest_non_vulnerable_version | 204-r1 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-b83z-k3uw-sqfs |
| vulnerability_id |
VCID-b83z-k3uw-sqfs |
| summary |
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2178 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24363 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24464 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24448 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24392 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2178 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2178
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b83z-k3uw-sqfs |
|
| 1 |
| url |
VCID-q38b-cmvy-gybh |
| vulnerability_id |
VCID-q38b-cmvy-gybh |
| summary |
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-1146
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q38b-cmvy-gybh |
|
| 2 |
| url |
VCID-weet-hgv1-7bb9 |
| vulnerability_id |
VCID-weet-hgv1-7bb9 |
| summary |
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2511 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03415 |
| scoring_system |
epss |
| scoring_elements |
0.8766 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03415 |
| scoring_system |
epss |
| scoring_elements |
0.87681 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.03415 |
| scoring_system |
epss |
| scoring_elements |
0.87683 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.03415 |
| scoring_system |
epss |
| scoring_elements |
0.87682 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2511 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2511
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-weet-hgv1-7bb9 |
|
| 3 |
| url |
VCID-yhk7-v8zt-hbev |
| vulnerability_id |
VCID-yhk7-v8zt-hbev |
| summary |
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1486 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75364 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75393 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75397 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75387 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1486 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1486
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yhk7-v8zt-hbev |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1 |
|---|