{"url":"http://public2.vulnerablecode.io/api/packages/190888?format=json","purl":"pkg:ebuild/app-emulation/libvirt@0.9.3-r1","type":"ebuild","namespace":"app-emulation","name":"libvirt","version":"0.9.3-r1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.21","latest_non_vulnerable_version":"204-r1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77554?format=json","vulnerability_id":"VCID-b83z-k3uw-sqfs","summary":"The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS.  NOTE: this vulnerability exists because of a CVE-2010-2238 regression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2178","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24363","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24464","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24448","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128","reference_id":"629128","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709769","reference_id":"709769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709769"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://usn.ubuntu.com/1152-1/","reference_id":"USN-1152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1152-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190888?format=json","purl":"pkg:ebuild/app-emulation/libvirt@0.9.3-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1"}],"aliases":["CVE-2011-2178"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b83z-k3uw-sqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77552?format=json","vulnerability_id":"VCID-q38b-cmvy-gybh","summary":"libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1146","reference_id":"","reference_type":"","scores":[{"value":"0.01556","scoring_system":"epss","scoring_elements":"0.81779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01556","scoring_system":"epss","scoring_elements":"0.81813","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773","reference_id":"617773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=683650","reference_id":"683650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=683650"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0391","reference_id":"RHSA-2011:0391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0391"},{"reference_url":"https://usn.ubuntu.com/1094-1/","reference_id":"USN-1094-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1094-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190888?format=json","purl":"pkg:ebuild/app-emulation/libvirt@0.9.3-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1"}],"aliases":["CVE-2011-1146"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q38b-cmvy-gybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77555?format=json","vulnerability_id":"VCID-weet-hgv1-7bb9","summary":"Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2511","reference_id":"","reference_type":"","scores":[{"value":"0.03415","scoring_system":"epss","scoring_elements":"0.8766","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03415","scoring_system":"epss","scoring_elements":"0.87681","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03415","scoring_system":"epss","scoring_elements":"0.87683","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630","reference_id":"633630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=717199","reference_id":"717199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=717199"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1019","reference_id":"RHSA-2011:1019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1197","reference_id":"RHSA-2011:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1197"},{"reference_url":"https://usn.ubuntu.com/1180-1/","reference_id":"USN-1180-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1180-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190888?format=json","purl":"pkg:ebuild/app-emulation/libvirt@0.9.3-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1"}],"aliases":["CVE-2011-2511"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-weet-hgv1-7bb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77553?format=json","vulnerability_id":"VCID-yhk7-v8zt-hbev","summary":"libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1486","reference_id":"","reference_type":"","scores":[{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75364","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75393","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75397","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222","reference_id":"623222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=693391","reference_id":"693391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=693391"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0478","reference_id":"RHSA-2011:0478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0479","reference_id":"RHSA-2011:0479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0479"},{"reference_url":"https://usn.ubuntu.com/1152-1/","reference_id":"USN-1152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1152-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/190888?format=json","purl":"pkg:ebuild/app-emulation/libvirt@0.9.3-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1"}],"aliases":["CVE-2011-1486"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhk7-v8zt-hbev"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1"}