{"url":"http://public2.vulnerablecode.io/api/packages/6319?format=json","purl":"pkg:deb/debian/libvirt@0.8.3-5%2Bsqueeze5","type":"deb","namespace":"debian","name":"libvirt","version":"0.8.3-5+squeeze5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.3.0-2~bpo12+1","latest_non_vulnerable_version":"11.3.0-2~bpo12+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77648?format=json","vulnerability_id":"VCID-4sf9-8j9p-3fgz","summary":"An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17875","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058","reference_id":"1066058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841","reference_id":"2263841","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1441","reference_id":"CVE-2024-1441","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-1441"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf9-8j9p-3fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77598?format=json","vulnerability_id":"VCID-522f-y6qx-nfhn","summary":"The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7823","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67592","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67633","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1160817","reference_id":"1160817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1160817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149","reference_id":"769149","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1873","reference_id":"RHSA-2014:1873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0008","reference_id":"RHSA-2015:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0008"},{"reference_url":"https://usn.ubuntu.com/2404-1/","reference_id":"USN-2404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2404-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-7823"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-522f-y6qx-nfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77642?format=json","vulnerability_id":"VCID-53fz-t4zs-7kbk","summary":"A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69738","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326","reference_id":"2024326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1759","reference_id":"RHSA-2022:1759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1759"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3975"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53fz-t4zs-7kbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77594?format=json","vulnerability_id":"VCID-5th2-yymu-x7hm","summary":"Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1447.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1447","reference_id":"","reference_type":"","scores":[{"value":"0.11684","scoring_system":"epss","scoring_elements":"0.9381","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11684","scoring_system":"epss","scoring_elements":"0.93819","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1052957","reference_id":"1052957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1052957"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735676","reference_id":"735676","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735676"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0103","reference_id":"RHSA-2014:0103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0103"},{"reference_url":"https://usn.ubuntu.com/2093-1/","reference_id":"USN-2093-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2093-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6322?format=json","purl":"pkg:deb/debian/libvirt@1.2.4-1~bpo70%2B1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1~bpo70%252B1.1"}],"aliases":["CVE-2014-1447"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5th2-yymu-x7hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77636?format=json","vulnerability_id":"VCID-6pj3-mq9g-yye9","summary":"An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72797","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190","reference_id":"1828190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447","reference_id":"959447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-12430"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pj3-mq9g-yye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77621?format=json","vulnerability_id":"VCID-75av-3nr7-bkh1","summary":"A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2635","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55535","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55592","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427090","reference_id":"1427090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427090"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313","reference_id":"856313","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2017-2635"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75av-3nr7-bkh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77595?format=json","vulnerability_id":"VCID-7ezn-r2xq-c7de","summary":"The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3633","reference_id":"","reference_type":"","scores":[{"value":"0.02862","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02862","scoring_system":"epss","scoring_elements":"0.86545","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1141131","reference_id":"1141131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1141131"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203","reference_id":"762203","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1352","reference_id":"RHSA-2014:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1873","reference_id":"RHSA-2014:1873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1873"},{"reference_url":"https://usn.ubuntu.com/2366-1/","reference_id":"USN-2366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-3633"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ezn-r2xq-c7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77574?format=json","vulnerability_id":"VCID-7ks5-8e2n-tua4","summary":"libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4311.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4311","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07125","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07158","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1005332","reference_id":"1005332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1005332"},{"reference_url":"https://security.gentoo.org/glsa/201406-27","reference_id":"GLSA-201406-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1272","reference_id":"RHSA-2013:1272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1272"},{"reference_url":"https://usn.ubuntu.com/1954-1/","reference_id":"USN-1954-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1954-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4311"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ks5-8e2n-tua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77567?format=json","vulnerability_id":"VCID-8fmd-jdpb-v7eb","summary":"The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4154.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4154.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4154","reference_id":"","reference_type":"","scores":[{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.73057","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.73094","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4154"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717355","reference_id":"717355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717355"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=986386","reference_id":"986386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=986386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4154"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fmd-jdpb-v7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77571?format=json","vulnerability_id":"VCID-8frc-fhvs-bucm","summary":"The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4296.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4296","reference_id":"","reference_type":"","scores":[{"value":"0.03294","scoring_system":"epss","scoring_elements":"0.87437","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03294","scoring_system":"epss","scoring_elements":"0.87459","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006173","reference_id":"1006173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006173"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1272","reference_id":"RHSA-2013:1272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1272"},{"reference_url":"https://usn.ubuntu.com/1954-1/","reference_id":"USN-1954-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1954-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4296"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8frc-fhvs-bucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77632?format=json","vulnerability_id":"VCID-8u2b-ad6e-ukaw","summary":"A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3840","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72589","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72629","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665228","reference_id":"1665228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2294","reference_id":"RHSA-2019:2294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2294"},{"reference_url":"https://usn.ubuntu.com/3909-1/","reference_id":"USN-3909-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3909-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-3840"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2b-ad6e-ukaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77606?format=json","vulnerability_id":"VCID-8wxg-1wr8-rfca","summary":"libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0236","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66059","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0236"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:M/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1184431","reference_id":"1184431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1184431"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065","reference_id":"776065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0323","reference_id":"RHSA-2015:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0323"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2015-0236"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wxg-1wr8-rfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77604?format=json","vulnerability_id":"VCID-9cft-v9u9-fubh","summary":"The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8136","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25167","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176176","reference_id":"1176176","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856","reference_id":"773856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856"},{"reference_url":"https://security.gentoo.org/glsa/201412-36","reference_id":"GLSA-201412-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0323","reference_id":"RHSA-2015:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0323"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-8136"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cft-v9u9-fubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5836?format=json","vulnerability_id":"VCID-abdh-e635-17cp","summary":"privilege escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41486","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069","reference_id":"1860069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563","reference_id":"966563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563"},{"reference_url":"https://security.archlinux.org/ASA-202009-8","reference_id":"ASA-202009-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-8"},{"reference_url":"https://security.archlinux.org/AVG-1232","reference_id":"AVG-1232","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1232"},{"reference_url":"https://security.gentoo.org/glsa/202101-22","reference_id":"GLSA-202101-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-22"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3586","reference_id":"RHSA-2020:3586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-14339"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abdh-e635-17cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77554?format=json","vulnerability_id":"VCID-b83z-k3uw-sqfs","summary":"The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS.  NOTE: this vulnerability exists because of a CVE-2010-2238 regression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2178","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24363","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24464","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128","reference_id":"629128","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709769","reference_id":"709769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709769"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://usn.ubuntu.com/1152-1/","reference_id":"USN-1152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1152-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2011-2178"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b83z-k3uw-sqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77614?format=json","vulnerability_id":"VCID-bes6-jjfw-tbdx","summary":"libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10746","reference_id":"","reference_type":"","scores":[{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67469","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.6751","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705507","reference_id":"1705507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705507"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2016-10746"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bes6-jjfw-tbdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77563?format=json","vulnerability_id":"VCID-bw47-fewt-2fax","summary":"Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the \"virsh iface-list --inactive\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2218.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2218.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2218","reference_id":"","reference_type":"","scores":[{"value":"0.10811","scoring_system":"epss","scoring_elements":"0.93493","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10811","scoring_system":"epss","scoring_elements":"0.93503","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2218"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:P/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714699","reference_id":"714699","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714699"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=980112","reference_id":"980112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=980112"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38622.txt","reference_id":"CVE-2013-2218;OSVDB-94704","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38622.txt"},{"reference_url":"https://www.securityfocus.com/bid/60876/info","reference_id":"CVE-2013-2218;OSVDB-94704","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/60876/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-2218"],"risk_score":5.4,"exploitability":"2.0","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw47-fewt-2fax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77625?format=json","vulnerability_id":"VCID-bzyu-42js-e3e6","summary":"A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10132","reference_id":"","reference_type":"","scores":[{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79942","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79967","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706067","reference_id":"1706067","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706067"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334","reference_id":"929334","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1264","reference_id":"RHSA-2019:1264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1268","reference_id":"RHSA-2019:1268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1455","reference_id":"RHSA-2019:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1455"},{"reference_url":"https://usn.ubuntu.com/4021-1/","reference_id":"USN-4021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10132"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyu-42js-e3e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77623?format=json","vulnerability_id":"VCID-cf81-wpvh-kqa2","summary":"qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5748","reference_id":"","reference_type":"","scores":[{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81405","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81432","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528396","reference_id":"1528396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700","reference_id":"887700","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700"},{"reference_url":"https://security.gentoo.org/glsa/201804-07","reference_id":"GLSA-201804-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-07"},{"reference_url":"https://security.gentoo.org/glsa/201804-08","reference_id":"GLSA-201804-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1396","reference_id":"RHSA-2018:1396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1929","reference_id":"RHSA-2018:1929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1929"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-5748"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf81-wpvh-kqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77643?format=json","vulnerability_id":"VCID-cjpk-feb2-zqds","summary":"A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23267","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535","reference_id":"1002535","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195","reference_id":"2034195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-4147"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpk-feb2-zqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77585?format=json","vulnerability_id":"VCID-db3h-q8fp-b3ds","summary":"The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the \"virsh memtune\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6436.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6436","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20999","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21073","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6436"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1042252","reference_id":"1042252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1042252"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/2093-1/","reference_id":"USN-2093-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2093-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-6436"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db3h-q8fp-b3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77592?format=json","vulnerability_id":"VCID-dqys-qxtq-7yd9","summary":"libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0028.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0028.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0028","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27908","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27976","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0028"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0028","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0028"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048637","reference_id":"1048637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048637"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/2093-1/","reference_id":"USN-2093-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2093-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6322?format=json","purl":"pkg:deb/debian/libvirt@1.2.4-1~bpo70%2B1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1~bpo70%252B1.1"}],"aliases":["CVE-2014-0028"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqys-qxtq-7yd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77630?format=json","vulnerability_id":"VCID-etr9-c84d-vuhr","summary":"The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10168","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45272","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4534","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720118","reference_id":"1720118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720118"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10168"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etr9-c84d-vuhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77575?format=json","vulnerability_id":"VCID-g2pc-1es2-3qer","summary":"The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4399.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4399","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72531","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72571","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4399"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015214","reference_id":"1015214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015214"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4399"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2pc-1es2-3qer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77587?format=json","vulnerability_id":"VCID-g3k9-1rc3-xfhu","summary":"The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to \"paths under /proc/$PID/root\" and the virInitctlSetRunLevel function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6456","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47227","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048627","reference_id":"1048627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048627"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394","reference_id":"732394","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/2209-1/","reference_id":"USN-2209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6322?format=json","purl":"pkg:deb/debian/libvirt@1.2.4-1~bpo70%2B1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1~bpo70%252B1.1"}],"aliases":["CVE-2013-6456"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3k9-1rc3-xfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77596?format=json","vulnerability_id":"VCID-g59s-kpjm-dbbg","summary":"The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3657","reference_id":"","reference_type":"","scores":[{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79947","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79973","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145667","reference_id":"1145667","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1352","reference_id":"RHSA-2014:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1873","reference_id":"RHSA-2014:1873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1873"},{"reference_url":"https://usn.ubuntu.com/2404-1/","reference_id":"USN-2404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2404-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-3657"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g59s-kpjm-dbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77601?format=json","vulnerability_id":"VCID-g94m-69qv-8kgk","summary":"The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8135","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2101","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176182","reference_id":"1176182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176182"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855","reference_id":"773855","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855"},{"reference_url":"https://security.gentoo.org/glsa/201412-36","reference_id":"GLSA-201412-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-8135"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g94m-69qv-8kgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77649?format=json","vulnerability_id":"VCID-gneu-b3qk-q7e4","summary":"A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07697","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461","reference_id":"1067461","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115","reference_id":"2270115","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115"},{"reference_url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/","reference_id":"BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2494","reference_id":"CVE-2024-2494","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2494"},{"reference_url":"https://security.gentoo.org/glsa/202412-16","reference_id":"GLSA-202412-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3253","reference_id":"RHSA-2024:3253","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3253"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2494"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gneu-b3qk-q7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77583?format=json","vulnerability_id":"VCID-h8hd-mdcx-tben","summary":"The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5651.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5651","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70919","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70961","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5651"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006493","reference_id":"1006493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006493"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/1954-1/","reference_id":"USN-1954-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1954-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-5651"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8hd-mdcx-tben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77616?format=json","vulnerability_id":"VCID-j5b5-zjxe-ffhu","summary":"libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5008","reference_id":"","reference_type":"","scores":[{"value":"0.02119","scoring_system":"epss","scoring_elements":"0.84448","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02119","scoring_system":"epss","scoring_elements":"0.84472","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351514","reference_id":"1351514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2577","reference_id":"RHSA-2016:2577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2577"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6325?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2016-5008"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5b5-zjxe-ffhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77641?format=json","vulnerability_id":"VCID-j71z-t8bh-wbb4","summary":"An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63249","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63292","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094","reference_id":"1986094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594","reference_id":"991594","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594"},{"reference_url":"https://security.archlinux.org/AVG-2230","reference_id":"AVG-2230","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2230"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3667"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j71z-t8bh-wbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77628?format=json","vulnerability_id":"VCID-jtjs-y7k7-r7ae","summary":"It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10166","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33755","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720114","reference_id":"1720114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720114"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10166"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtjs-y7k7-r7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77572?format=json","vulnerability_id":"VCID-jzhx-dfgg-37ct","summary":"The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4297.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4297","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69276","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69316","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006505","reference_id":"1006505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006505"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4297"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzhx-dfgg-37ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77611?format=json","vulnerability_id":"VCID-k2ku-9mx2-b3a9","summary":"Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5313","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18046","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5313"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277121","reference_id":"1277121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277121"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273","reference_id":"808273","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273"},{"reference_url":"https://security.gentoo.org/glsa/201612-10","reference_id":"GLSA-201612-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2577","reference_id":"RHSA-2016:2577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2577"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2015-5313"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ku-9mx2-b3a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5888?format=json","vulnerability_id":"VCID-kjnb-e6nd-wudn","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650","reference_id":"1816650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650"},{"reference_url":"https://security.archlinux.org/AVG-1174","reference_id":"AVG-1174","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10703"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjnb-e6nd-wudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77564?format=json","vulnerability_id":"VCID-kn2h-kurp-pbcc","summary":"The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving \"multiple events registration.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2230.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2230","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69276","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69316","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2230","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2230"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715559","reference_id":"715559","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=981476","reference_id":"981476","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=981476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-2230"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn2h-kurp-pbcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77568?format=json","vulnerability_id":"VCID-kqsz-xg9j-ukeu","summary":"The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4239.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4239.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4239","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69276","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69316","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4239"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4239","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4239"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719533","reference_id":"719533","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719533"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=996241","reference_id":"996241","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=996241"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4239"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsz-xg9j-ukeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77599?format=json","vulnerability_id":"VCID-kta6-5pt1-27at","summary":"The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8131","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59385","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59436","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172569","reference_id":"1172569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172569"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858","reference_id":"773858","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858"},{"reference_url":"https://security.gentoo.org/glsa/201412-36","reference_id":"GLSA-201412-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-8131"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kta6-5pt1-27at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=json","vulnerability_id":"VCID-mtgm-vqw9-1ubf","summary":"qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40896","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40973","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740","reference_id":"1809740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078","reference_id":"953078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2019-20485"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtgm-vqw9-1ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77634?format=json","vulnerability_id":"VCID-myg3-46rj-3qax","summary":"A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47648","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47712","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163","reference_id":"1819163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841","reference_id":"955841","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10701"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myg3-46rj-3qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77591?format=json","vulnerability_id":"VCID-mzv1-uhwm-fqd2","summary":"The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7336.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7336","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20999","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21073","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077620","reference_id":"1077620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077620"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/2209-1/","reference_id":"USN-2209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-7336"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzv1-uhwm-fqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77622?format=json","vulnerability_id":"VCID-n2nm-knaw-gkgx","summary":"libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1064","reference_id":"","reference_type":"","scores":[{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80952","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550672","reference_id":"1550672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1396","reference_id":"RHSA-2018:1396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1929","reference_id":"RHSA-2018:1929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6325?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-1064"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2nm-knaw-gkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77589?format=json","vulnerability_id":"VCID-p3ja-7zqb-mybj","summary":"The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6457.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6457.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6457","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33032","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33135","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6457"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048629","reference_id":"1048629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048629"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/2093-1/","reference_id":"USN-2093-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2093-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6322?format=json","purl":"pkg:deb/debian/libvirt@1.2.4-1~bpo70%2B1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1~bpo70%252B1.1"}],"aliases":["CVE-2013-6457"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3ja-7zqb-mybj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77626?format=json","vulnerability_id":"VCID-pqyk-2c8e-5yh5","summary":"It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10161","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49525","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720115","reference_id":"1720115","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720115"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1578","reference_id":"RHSA-2019:1578","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1578"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"},{"reference_url":"https://usn.ubuntu.com/4047-2/","reference_id":"USN-4047-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10161"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqyk-2c8e-5yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7269?format=json","vulnerability_id":"VCID-psr7-vapd-6udz","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20917","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2","reference_id":"15073504dbb624d3f6c911e85557019d3620fdb2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/issues/153","reference_id":"153","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/issues/153"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726","reference_id":"1977726","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709","reference_id":"990709","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709"},{"reference_url":"https://security.archlinux.org/AVG-2124","reference_id":"AVG-2124","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2124"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220331-0010/","reference_id":"ntap-20220331-0010","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220331-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3631","reference_id":"RHSA-2021:3631","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2021:3631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3631"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psr7-vapd-6udz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77644?format=json","vulnerability_id":"VCID-q2ng-jgm7-8uc9","summary":"A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23286","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075","reference_id":"1009075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883","reference_id":"2063883","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7472","reference_id":"RHSA-2022:7472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8003","reference_id":"RHSA-2022:8003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8003"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"},{"reference_url":"https://usn.ubuntu.com/6126-1/","reference_id":"USN-6126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6126-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2022-0897"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ng-jgm7-8uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77552?format=json","vulnerability_id":"VCID-q38b-cmvy-gybh","summary":"libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1146","reference_id":"","reference_type":"","scores":[{"value":"0.01556","scoring_system":"epss","scoring_elements":"0.81779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01556","scoring_system":"epss","scoring_elements":"0.81813","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773","reference_id":"617773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=683650","reference_id":"683650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=683650"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0391","reference_id":"RHSA-2011:0391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0391"},{"reference_url":"https://usn.ubuntu.com/1094-1/","reference_id":"USN-1094-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1094-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2011-1146"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q38b-cmvy-gybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77569?format=json","vulnerability_id":"VCID-qpvd-b2ru-d7a3","summary":"The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4291.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4291","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1466","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14733","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006509","reference_id":"1006509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1006509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4291"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpvd-b2ru-d7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77570?format=json","vulnerability_id":"VCID-qtct-kbdm-z7ed","summary":"libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4292.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4292","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2115","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21231","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4292"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4292","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4292"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002666","reference_id":"1002666","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002666"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721325","reference_id":"721325","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721325"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4292"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtct-kbdm-z7ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77565?format=json","vulnerability_id":"VCID-qw96-udhq-q7b6","summary":"Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the \"virsh vcpucount dom --guest\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4153.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4153","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.70998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7104","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4153"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717354","reference_id":"717354","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=986383","reference_id":"986383","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=986383"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4153"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw96-udhq-q7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3904?format=json","vulnerability_id":"VCID-r61c-726k-bfh5","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31003","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037","reference_id":"1881037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555","reference_id":"971555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555"},{"reference_url":"https://security.archlinux.org/ASA-202101-42","reference_id":"ASA-202101-42","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-42"},{"reference_url":"https://security.archlinux.org/AVG-1240","reference_id":"AVG-1240","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1240"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5040","reference_id":"RHSA-2020:5040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5111","reference_id":"RHSA-2020:5111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1762","reference_id":"RHSA-2021:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1762"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-25637"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r61c-726k-bfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77578?format=json","vulnerability_id":"VCID-rrcc-k1cq-5ugw","summary":"virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4400.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4400","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16876","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4400"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015228","reference_id":"1015228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015228"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101","reference_id":"727101","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4400"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrcc-k1cq-5ugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77561?format=json","vulnerability_id":"VCID-swqk-4gu6-nkdq","summary":"libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1766.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1766","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17901","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649","reference_id":"701649","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=915718","reference_id":"915718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=915718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2013-1766"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swqk-4gu6-nkdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77633?format=json","vulnerability_id":"VCID-t296-efx6-1yba","summary":"An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3886","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64617","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64658","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694880","reference_id":"1694880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418","reference_id":"926418","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418"},{"reference_url":"https://usn.ubuntu.com/4021-1/","reference_id":"USN-4021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-3886"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t296-efx6-1yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77624?format=json","vulnerability_id":"VCID-t414-nm3b-cfev","summary":"util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6764","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11115","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1541444","reference_id":"1541444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1541444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839","reference_id":"889839","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839"},{"reference_url":"https://security.gentoo.org/glsa/201804-07","reference_id":"GLSA-201804-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3113","reference_id":"RHSA-2018:3113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3113"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-6764"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t414-nm3b-cfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77607?format=json","vulnerability_id":"VCID-tk2g-6m19-yqg3","summary":"libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5160","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34534","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34632","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245647","reference_id":"1245647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111","reference_id":"796111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2577","reference_id":"RHSA-2016:2577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2015-5160"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2g-6m19-yqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77557?format=json","vulnerability_id":"VCID-trpf-3d81-r3g8","summary":"libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2693.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2693","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18727","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18805","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2693"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496","reference_id":"677496","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831164","reference_id":"831164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0748","reference_id":"RHSA-2012:0748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0127","reference_id":"RHSA-2013:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2012-2693"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trpf-3d81-r3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77590?format=json","vulnerability_id":"VCID-u1x7-9n1d-8qb3","summary":"Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6458.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6458.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6458","reference_id":"","reference_type":"","scores":[{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75943","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75969","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048631","reference_id":"1048631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1048631"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734556","reference_id":"734556","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734556"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0103","reference_id":"RHSA-2014:0103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0103"},{"reference_url":"https://usn.ubuntu.com/2093-1/","reference_id":"USN-2093-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2093-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6322?format=json","purl":"pkg:deb/debian/libvirt@1.2.4-1~bpo70%2B1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.4-1~bpo70%252B1.1"}],"aliases":["CVE-2013-6458"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1x7-9n1d-8qb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77581?format=json","vulnerability_id":"VCID-urzt-z32b-97dp","summary":"The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML.  NOTE: some of these details are obtained from third party information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4401.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4401","reference_id":"","reference_type":"","scores":[{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81214","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81242","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015259","reference_id":"1015259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101","reference_id":"727101","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://usn.ubuntu.com/2026-1/","reference_id":"USN-2026-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2026-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6321?format=json","purl":"pkg:deb/debian/libvirt@1.2.1-1~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.1-1~bpo70%252B1"}],"aliases":["CVE-2013-4401"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urzt-z32b-97dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77629?format=json","vulnerability_id":"VCID-v25d-upc8-wfh4","summary":"The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10167","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37323","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37414","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720117","reference_id":"1720117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720117"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v25d-upc8-wfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77597?format=json","vulnerability_id":"VCID-vsx2-9wna-nuf2","summary":"libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5177","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29631","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.297","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290","reference_id":"1088290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0914","reference_id":"RHSA-2014:0914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0914"},{"reference_url":"https://usn.ubuntu.com/2366-1/","reference_id":"USN-2366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-5177"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsx2-9wna-nuf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77555?format=json","vulnerability_id":"VCID-weet-hgv1-7bb9","summary":"Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2511","reference_id":"","reference_type":"","scores":[{"value":"0.03415","scoring_system":"epss","scoring_elements":"0.8766","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03415","scoring_system":"epss","scoring_elements":"0.87681","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630","reference_id":"633630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=717199","reference_id":"717199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=717199"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1019","reference_id":"RHSA-2011:1019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1197","reference_id":"RHSA-2011:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1197"},{"reference_url":"https://usn.ubuntu.com/1180-1/","reference_id":"USN-1180-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1180-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2011-2511"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-weet-hgv1-7bb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77650?format=json","vulnerability_id":"VCID-wtyd-7ppt-23cj","summary":"A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672","reference_id":"2269672","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2496","reference_id":"CVE-2024-2496","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2236","reference_id":"RHSA-2024:2236","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2236"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2496"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-7ppt-23cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77608?format=json","vulnerability_id":"VCID-x248-nq74-wbbs","summary":"The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5247","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60398","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1259350","reference_id":"1259350","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1259350"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132","reference_id":"799132","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2015-5247"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x248-nq74-wbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77559?format=json","vulnerability_id":"VCID-xkb7-cjga-pybw","summary":"The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a \"gap\" in the RPC dispatch table.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4423.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4423","reference_id":"","reference_type":"","scores":[{"value":"0.0287","scoring_system":"epss","scoring_elements":"0.86538","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0287","scoring_system":"epss","scoring_elements":"0.8656","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687598","reference_id":"687598","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687598"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=857133","reference_id":"857133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=857133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1359","reference_id":"RHSA-2012:1359","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1359"},{"reference_url":"https://usn.ubuntu.com/1708-1/","reference_id":"USN-1708-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1708-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2012-4423"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkb7-cjga-pybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77556?format=json","vulnerability_id":"VCID-xxtc-8yjh-73h8","summary":"The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4600.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4600","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57769","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57821","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4600"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=765964","reference_id":"765964","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=765964"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2011-4600"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxtc-8yjh-73h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77593?format=json","vulnerability_id":"VCID-yb4y-39u3-eufg","summary":"libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0179","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28286","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28358","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290","reference_id":"1088290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0560","reference_id":"RHSA-2014:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0914","reference_id":"RHSA-2014:0914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0914"},{"reference_url":"https://usn.ubuntu.com/2366-1/","reference_id":"USN-2366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-0179"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4y-39u3-eufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77553?format=json","vulnerability_id":"VCID-yhk7-v8zt-hbev","summary":"libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1486","reference_id":"","reference_type":"","scores":[{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75364","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75393","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222","reference_id":"623222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=693391","reference_id":"693391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=693391"},{"reference_url":"https://security.gentoo.org/glsa/201202-07","reference_id":"GLSA-201202-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0478","reference_id":"RHSA-2011:0478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0479","reference_id":"RHSA-2011:0479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0479"},{"reference_url":"https://usn.ubuntu.com/1152-1/","reference_id":"USN-1152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1152-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2011-1486"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhk7-v8zt-hbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77558?format=json","vulnerability_id":"VCID-ys1x-s4vn-tffu","summary":"The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3445.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3445.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3445","reference_id":"","reference_type":"","scores":[{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.80232","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.80257","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683483","reference_id":"683483","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683483"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=844734","reference_id":"844734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=844734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1202","reference_id":"RHSA-2012:1202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1202"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2012-3445"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys1x-s4vn-tffu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77560?format=json","vulnerability_id":"VCID-yxud-sjwj-afh1","summary":"Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0170.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0170","reference_id":"","reference_type":"","scores":[{"value":"0.2022","scoring_system":"epss","scoring_elements":"0.95622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2022","scoring_system":"epss","scoring_elements":"0.95627","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699224","reference_id":"699224","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699224"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=893450","reference_id":"893450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=893450"},{"reference_url":"https://security.gentoo.org/glsa/201309-18","reference_id":"GLSA-201309-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0199","reference_id":"RHSA-2013:0199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0199"},{"reference_url":"https://usn.ubuntu.com/1708-1/","reference_id":"USN-1708-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1708-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"}],"aliases":["CVE-2013-0170"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxud-sjwj-afh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77618?format=json","vulnerability_id":"VCID-ztu1-8yz5-tyc6","summary":"libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000256","reference_id":"","reference_type":"","scores":[{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73951","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503658","reference_id":"1503658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503658"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799","reference_id":"878799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2017-1000256"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztu1-8yz5-tyc6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77550?format=json","vulnerability_id":"VCID-2hsw-vx7r-wqd5","summary":"Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2239.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2239.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2239","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25476","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25576","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2239"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2239","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2239"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=607812","reference_id":"607812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=607812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0615","reference_id":"RHSA-2010:0615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0615"},{"reference_url":"https://usn.ubuntu.com/1008-1/","reference_id":"USN-1008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1008-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6319?format=json","purl":"pkg:deb/debian/libvirt@0.8.3-5%2Bsqueeze5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-b83z-k3uw-sqfs"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-q38b-cmvy-gybh"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-swqk-4gu6-nkdq"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-trpf-3d81-r3g8"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-weet-hgv1-7bb9"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-xkb7-cjga-pybw"},{"vulnerability":"VCID-xxtc-8yjh-73h8"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-yhk7-v8zt-hbev"},{"vulnerability":"VCID-ys1x-s4vn-tffu"},{"vulnerability":"VCID-yxud-sjwj-afh1"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-5%252Bsqueeze5"}],"aliases":["CVE-2010-2239"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsw-vx7r-wqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77551?format=json","vulnerability_id":"VCID-bm6v-rps8-8kbt","summary":"Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2242.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2242.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2242","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19108","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1918","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=602455","reference_id":"602455","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=602455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0615","reference_id":"RHSA-2010:0615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0615"},{"reference_url":"https://usn.ubuntu.com/1008-1/","reference_id":"USN-1008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1008-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6319?format=json","purl":"pkg:deb/debian/libvirt@0.8.3-5%2Bsqueeze5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-b83z-k3uw-sqfs"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-q38b-cmvy-gybh"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-swqk-4gu6-nkdq"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-trpf-3d81-r3g8"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-weet-hgv1-7bb9"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-xkb7-cjga-pybw"},{"vulnerability":"VCID-xxtc-8yjh-73h8"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-yhk7-v8zt-hbev"},{"vulnerability":"VCID-ys1x-s4vn-tffu"},{"vulnerability":"VCID-yxud-sjwj-afh1"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-5%252Bsqueeze5"}],"aliases":["CVE-2010-2242"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bm6v-rps8-8kbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77548?format=json","vulnerability_id":"VCID-h2s4-zbk4-dbgk","summary":"Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2237.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2237.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2237","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21675","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=607810","reference_id":"607810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=607810"},{"reference_url":"https://usn.ubuntu.com/1008-1/","reference_id":"USN-1008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1008-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6319?format=json","purl":"pkg:deb/debian/libvirt@0.8.3-5%2Bsqueeze5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-b83z-k3uw-sqfs"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-q38b-cmvy-gybh"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-swqk-4gu6-nkdq"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-trpf-3d81-r3g8"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-weet-hgv1-7bb9"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-xkb7-cjga-pybw"},{"vulnerability":"VCID-xxtc-8yjh-73h8"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-yhk7-v8zt-hbev"},{"vulnerability":"VCID-ys1x-s4vn-tffu"},{"vulnerability":"VCID-yxud-sjwj-afh1"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-5%252Bsqueeze5"}],"aliases":["CVE-2010-2237"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2s4-zbk4-dbgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77549?format=json","vulnerability_id":"VCID-xkb6-5bav-f7ep","summary":"Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2238.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2238.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2238","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21675","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2238"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=607811","reference_id":"607811","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=607811"},{"reference_url":"https://usn.ubuntu.com/1008-1/","reference_id":"USN-1008-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1008-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6319?format=json","purl":"pkg:deb/debian/libvirt@0.8.3-5%2Bsqueeze5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-b83z-k3uw-sqfs"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-q38b-cmvy-gybh"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-swqk-4gu6-nkdq"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-trpf-3d81-r3g8"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-weet-hgv1-7bb9"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-xkb7-cjga-pybw"},{"vulnerability":"VCID-xxtc-8yjh-73h8"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-yhk7-v8zt-hbev"},{"vulnerability":"VCID-ys1x-s4vn-tffu"},{"vulnerability":"VCID-yxud-sjwj-afh1"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-5%252Bsqueeze5"}],"aliases":["CVE-2010-2238"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkb6-5bav-f7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77547?format=json","vulnerability_id":"VCID-y435-b4r1-ekdg","summary":"Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0036.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0036.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0036","reference_id":"","reference_type":"","scores":[{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50386","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50447","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=484947","reference_id":"484947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=484947"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/8534.c","reference_id":"CVE-2009-0036;OSVDB-51866","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/8534.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0382","reference_id":"RHSA-2009:0382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0382"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6319?format=json","purl":"pkg:deb/debian/libvirt@0.8.3-5%2Bsqueeze5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-b83z-k3uw-sqfs"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-q38b-cmvy-gybh"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-swqk-4gu6-nkdq"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-trpf-3d81-r3g8"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-weet-hgv1-7bb9"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-xkb7-cjga-pybw"},{"vulnerability":"VCID-xxtc-8yjh-73h8"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-yhk7-v8zt-hbev"},{"vulnerability":"VCID-ys1x-s4vn-tffu"},{"vulnerability":"VCID-yxud-sjwj-afh1"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-5%252Bsqueeze5"}],"aliases":["CVE-2009-0036"],"risk_score":7.0,"exploitability":"2.0","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y435-b4r1-ekdg"}],"risk_score":"5.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.8.3-5%252Bsqueeze5"}