{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","type":"deb","namespace":"debian","name":"libvirt","version":"1.2.9-9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.3.0-2~bpo12+1","latest_non_vulnerable_version":"11.3.0-2~bpo12+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77648?format=json","vulnerability_id":"VCID-4sf9-8j9p-3fgz","summary":"An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17875","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17871","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17837","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058","reference_id":"1066058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841","reference_id":"2263841","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1441","reference_id":"CVE-2024-1441","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-1441"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf9-8j9p-3fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77642?format=json","vulnerability_id":"VCID-53fz-t4zs-7kbk","summary":"A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69738","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69746","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69737","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326","reference_id":"2024326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1759","reference_id":"RHSA-2022:1759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1759"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3975"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53fz-t4zs-7kbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77636?format=json","vulnerability_id":"VCID-6pj3-mq9g-yye9","summary":"An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72797","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72805","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72787","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190","reference_id":"1828190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447","reference_id":"959447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-12430"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pj3-mq9g-yye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77621?format=json","vulnerability_id":"VCID-75av-3nr7-bkh1","summary":"A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2635","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55535","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55592","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55597","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55584","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427090","reference_id":"1427090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427090"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313","reference_id":"856313","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2017-2635"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75av-3nr7-bkh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77632?format=json","vulnerability_id":"VCID-8u2b-ad6e-ukaw","summary":"A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3840","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72589","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72629","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72636","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72618","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665228","reference_id":"1665228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2294","reference_id":"RHSA-2019:2294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2294"},{"reference_url":"https://usn.ubuntu.com/3909-1/","reference_id":"USN-3909-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3909-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-3840"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2b-ad6e-ukaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5836?format=json","vulnerability_id":"VCID-abdh-e635-17cp","summary":"privilege escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41491","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41459","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41486","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069","reference_id":"1860069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563","reference_id":"966563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563"},{"reference_url":"https://security.archlinux.org/ASA-202009-8","reference_id":"ASA-202009-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-8"},{"reference_url":"https://security.archlinux.org/AVG-1232","reference_id":"AVG-1232","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1232"},{"reference_url":"https://security.gentoo.org/glsa/202101-22","reference_id":"GLSA-202101-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-22"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3586","reference_id":"RHSA-2020:3586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-14339"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abdh-e635-17cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77614?format=json","vulnerability_id":"VCID-bes6-jjfw-tbdx","summary":"libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10746","reference_id":"","reference_type":"","scores":[{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67469","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.6751","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67517","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67505","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10746"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705507","reference_id":"1705507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705507"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2016-10746"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bes6-jjfw-tbdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77625?format=json","vulnerability_id":"VCID-bzyu-42js-e3e6","summary":"A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10132","reference_id":"","reference_type":"","scores":[{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79942","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79967","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79972","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79968","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706067","reference_id":"1706067","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706067"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334","reference_id":"929334","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1264","reference_id":"RHSA-2019:1264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1268","reference_id":"RHSA-2019:1268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1455","reference_id":"RHSA-2019:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1455"},{"reference_url":"https://usn.ubuntu.com/4021-1/","reference_id":"USN-4021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10132"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyu-42js-e3e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77623?format=json","vulnerability_id":"VCID-cf81-wpvh-kqa2","summary":"qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5748","reference_id":"","reference_type":"","scores":[{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81405","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81432","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81435","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81433","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528396","reference_id":"1528396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700","reference_id":"887700","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700"},{"reference_url":"https://security.gentoo.org/glsa/201804-07","reference_id":"GLSA-201804-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-07"},{"reference_url":"https://security.gentoo.org/glsa/201804-08","reference_id":"GLSA-201804-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1396","reference_id":"RHSA-2018:1396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1929","reference_id":"RHSA-2018:1929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1929"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-5748"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf81-wpvh-kqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77643?format=json","vulnerability_id":"VCID-cjpk-feb2-zqds","summary":"A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23267","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23351","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23336","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23291","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535","reference_id":"1002535","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195","reference_id":"2034195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-4147"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpk-feb2-zqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77630?format=json","vulnerability_id":"VCID-etr9-c84d-vuhr","summary":"The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10168","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45272","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4534","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45345","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45325","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720118","reference_id":"1720118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720118"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10168"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etr9-c84d-vuhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77649?format=json","vulnerability_id":"VCID-gneu-b3qk-q7e4","summary":"A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07697","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07684","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07709","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461","reference_id":"1067461","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115","reference_id":"2270115","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115"},{"reference_url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/","reference_id":"BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2494","reference_id":"CVE-2024-2494","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2494"},{"reference_url":"https://security.gentoo.org/glsa/202412-16","reference_id":"GLSA-202412-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3253","reference_id":"RHSA-2024:3253","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3253"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2494"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gneu-b3qk-q7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77616?format=json","vulnerability_id":"VCID-j5b5-zjxe-ffhu","summary":"libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5008.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5008","reference_id":"","reference_type":"","scores":[{"value":"0.02119","scoring_system":"epss","scoring_elements":"0.84448","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02119","scoring_system":"epss","scoring_elements":"0.84472","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02119","scoring_system":"epss","scoring_elements":"0.84475","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02119","scoring_system":"epss","scoring_elements":"0.84468","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5008"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351514","reference_id":"1351514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2577","reference_id":"RHSA-2016:2577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2577"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6325?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2016-5008"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5b5-zjxe-ffhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77641?format=json","vulnerability_id":"VCID-j71z-t8bh-wbb4","summary":"An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63289","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63249","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63292","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094","reference_id":"1986094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594","reference_id":"991594","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594"},{"reference_url":"https://security.archlinux.org/AVG-2230","reference_id":"AVG-2230","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2230"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3667"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j71z-t8bh-wbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77628?format=json","vulnerability_id":"VCID-jtjs-y7k7-r7ae","summary":"It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10166","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33768","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33735","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720114","reference_id":"1720114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720114"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10166"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtjs-y7k7-r7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77611?format=json","vulnerability_id":"VCID-k2ku-9mx2-b3a9","summary":"Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5313","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18046","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18009","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5313"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277121","reference_id":"1277121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277121"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273","reference_id":"808273","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808273"},{"reference_url":"https://security.gentoo.org/glsa/201612-10","reference_id":"GLSA-201612-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2577","reference_id":"RHSA-2016:2577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2577"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2015-5313"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ku-9mx2-b3a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5888?format=json","vulnerability_id":"VCID-kjnb-e6nd-wudn","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.7221","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650","reference_id":"1816650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650"},{"reference_url":"https://security.archlinux.org/AVG-1174","reference_id":"AVG-1174","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10703"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjnb-e6nd-wudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=json","vulnerability_id":"VCID-mtgm-vqw9-1ubf","summary":"qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40896","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40973","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40977","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40946","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740","reference_id":"1809740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078","reference_id":"953078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2019-20485"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtgm-vqw9-1ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77634?format=json","vulnerability_id":"VCID-myg3-46rj-3qax","summary":"A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47648","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47712","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47694","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163","reference_id":"1819163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841","reference_id":"955841","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10701"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myg3-46rj-3qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77622?format=json","vulnerability_id":"VCID-n2nm-knaw-gkgx","summary":"libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1064","reference_id":"","reference_type":"","scores":[{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80952","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80954","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80951","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550672","reference_id":"1550672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1396","reference_id":"RHSA-2018:1396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1929","reference_id":"RHSA-2018:1929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6325?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-1064"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2nm-knaw-gkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77626?format=json","vulnerability_id":"VCID-pqyk-2c8e-5yh5","summary":"It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10161","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33888","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49525","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49536","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720115","reference_id":"1720115","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720115"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1578","reference_id":"RHSA-2019:1578","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1578"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"},{"reference_url":"https://usn.ubuntu.com/4047-2/","reference_id":"USN-4047-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10161"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqyk-2c8e-5yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7269?format=json","vulnerability_id":"VCID-psr7-vapd-6udz","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20859","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20917","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20903","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2","reference_id":"15073504dbb624d3f6c911e85557019d3620fdb2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/issues/153","reference_id":"153","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/issues/153"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726","reference_id":"1977726","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709","reference_id":"990709","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709"},{"reference_url":"https://security.archlinux.org/AVG-2124","reference_id":"AVG-2124","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2124"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220331-0010/","reference_id":"ntap-20220331-0010","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220331-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3631","reference_id":"RHSA-2021:3631","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2021:3631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3631"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psr7-vapd-6udz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77644?format=json","vulnerability_id":"VCID-q2ng-jgm7-8uc9","summary":"A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23226","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23286","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23271","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075","reference_id":"1009075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883","reference_id":"2063883","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7472","reference_id":"RHSA-2022:7472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8003","reference_id":"RHSA-2022:8003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8003"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"},{"reference_url":"https://usn.ubuntu.com/6126-1/","reference_id":"USN-6126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6126-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2022-0897"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ng-jgm7-8uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3904?format=json","vulnerability_id":"VCID-r61c-726k-bfh5","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30971","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30937","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31003","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037","reference_id":"1881037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555","reference_id":"971555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555"},{"reference_url":"https://security.archlinux.org/ASA-202101-42","reference_id":"ASA-202101-42","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-42"},{"reference_url":"https://security.archlinux.org/AVG-1240","reference_id":"AVG-1240","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1240"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5040","reference_id":"RHSA-2020:5040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5111","reference_id":"RHSA-2020:5111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1762","reference_id":"RHSA-2021:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1762"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-25637"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r61c-726k-bfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77633?format=json","vulnerability_id":"VCID-t296-efx6-1yba","summary":"An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3886","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64617","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64668","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64656","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694880","reference_id":"1694880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418","reference_id":"926418","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418"},{"reference_url":"https://usn.ubuntu.com/4021-1/","reference_id":"USN-4021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-3886"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t296-efx6-1yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77624?format=json","vulnerability_id":"VCID-t414-nm3b-cfev","summary":"util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6764","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11115","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11198","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11163","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1541444","reference_id":"1541444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1541444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839","reference_id":"889839","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839"},{"reference_url":"https://security.gentoo.org/glsa/201804-07","reference_id":"GLSA-201804-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3113","reference_id":"RHSA-2018:3113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3113"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-6764"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t414-nm3b-cfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77607?format=json","vulnerability_id":"VCID-tk2g-6m19-yqg3","summary":"libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5160","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34534","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34632","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34648","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34612","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245647","reference_id":"1245647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111","reference_id":"796111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2577","reference_id":"RHSA-2016:2577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2015-5160"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2g-6m19-yqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77629?format=json","vulnerability_id":"VCID-v25d-upc8-wfh4","summary":"The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10167","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37323","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37414","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3742","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37387","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720117","reference_id":"1720117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720117"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v25d-upc8-wfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77650?format=json","vulnerability_id":"VCID-wtyd-7ppt-23cj","summary":"A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18731","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18691","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672","reference_id":"2269672","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2496","reference_id":"CVE-2024-2496","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2236","reference_id":"RHSA-2024:2236","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2236"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2496"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-7ppt-23cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77608?format=json","vulnerability_id":"VCID-x248-nq74-wbbs","summary":"The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5247","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60398","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60401","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.6039","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1259350","reference_id":"1259350","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1259350"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132","reference_id":"799132","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"}],"aliases":["CVE-2015-5247"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x248-nq74-wbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77618?format=json","vulnerability_id":"VCID-ztu1-8yz5-tyc6","summary":"libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000256","reference_id":"","reference_type":"","scores":[{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73951","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73955","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73941","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503658","reference_id":"1503658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503658"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799","reference_id":"878799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2017-1000256"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztu1-8yz5-tyc6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77598?format=json","vulnerability_id":"VCID-522f-y6qx-nfhn","summary":"The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7823","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67592","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67633","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6763","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1160817","reference_id":"1160817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1160817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149","reference_id":"769149","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769149"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1873","reference_id":"RHSA-2014:1873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0008","reference_id":"RHSA-2015:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0008"},{"reference_url":"https://usn.ubuntu.com/2404-1/","reference_id":"USN-2404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2404-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-7823"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-522f-y6qx-nfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77595?format=json","vulnerability_id":"VCID-7ezn-r2xq-c7de","summary":"The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3633.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3633","reference_id":"","reference_type":"","scores":[{"value":"0.02862","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02862","scoring_system":"epss","scoring_elements":"0.86545","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02862","scoring_system":"epss","scoring_elements":"0.8654","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1141131","reference_id":"1141131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1141131"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203","reference_id":"762203","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762203"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1352","reference_id":"RHSA-2014:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1873","reference_id":"RHSA-2014:1873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1873"},{"reference_url":"https://usn.ubuntu.com/2366-1/","reference_id":"USN-2366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-3633"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ezn-r2xq-c7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77606?format=json","vulnerability_id":"VCID-8wxg-1wr8-rfca","summary":"libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0236.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0236","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66071","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66056","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0236"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:M/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1184431","reference_id":"1184431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1184431"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065","reference_id":"776065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0323","reference_id":"RHSA-2015:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0323"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2015-0236"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wxg-1wr8-rfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77604?format=json","vulnerability_id":"VCID-9cft-v9u9-fubh","summary":"The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8136","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25167","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25154","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25101","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176176","reference_id":"1176176","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856","reference_id":"773856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856"},{"reference_url":"https://security.gentoo.org/glsa/201412-36","reference_id":"GLSA-201412-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0323","reference_id":"RHSA-2015:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0323"},{"reference_url":"https://usn.ubuntu.com/2867-1/","reference_id":"USN-2867-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2867-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-8136"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cft-v9u9-fubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77596?format=json","vulnerability_id":"VCID-g59s-kpjm-dbbg","summary":"The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3657","reference_id":"","reference_type":"","scores":[{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79947","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79973","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79978","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79974","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145667","reference_id":"1145667","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1352","reference_id":"RHSA-2014:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1873","reference_id":"RHSA-2014:1873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1873"},{"reference_url":"https://usn.ubuntu.com/2404-1/","reference_id":"USN-2404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2404-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-3657"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g59s-kpjm-dbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77601?format=json","vulnerability_id":"VCID-g94m-69qv-8kgk","summary":"The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8135","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2101","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20996","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20951","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176182","reference_id":"1176182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176182"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855","reference_id":"773855","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773855"},{"reference_url":"https://security.gentoo.org/glsa/201412-36","reference_id":"GLSA-201412-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-8135"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g94m-69qv-8kgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77599?format=json","vulnerability_id":"VCID-kta6-5pt1-27at","summary":"The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8131","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59385","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59436","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59439","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59431","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172569","reference_id":"1172569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172569"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858","reference_id":"773858","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773858"},{"reference_url":"https://security.gentoo.org/glsa/201412-36","reference_id":"GLSA-201412-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-8131"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kta6-5pt1-27at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77597?format=json","vulnerability_id":"VCID-vsx2-9wna-nuf2","summary":"libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5177","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29631","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.297","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29664","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290","reference_id":"1088290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0914","reference_id":"RHSA-2014:0914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0914"},{"reference_url":"https://usn.ubuntu.com/2366-1/","reference_id":"USN-2366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-5177"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsx2-9wna-nuf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77593?format=json","vulnerability_id":"VCID-yb4y-39u3-eufg","summary":"libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0179","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28286","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28268","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290","reference_id":"1088290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088290"},{"reference_url":"https://security.gentoo.org/glsa/201412-04","reference_id":"GLSA-201412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0560","reference_id":"RHSA-2014:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0914","reference_id":"RHSA-2014:0914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0914"},{"reference_url":"https://usn.ubuntu.com/2366-1/","reference_id":"USN-2366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6320?format=json","purl":"pkg:deb/debian/libvirt@0.9.12.3-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-522f-y6qx-nfhn"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-5th2-yymu-x7hm"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-7ezn-r2xq-c7de"},{"vulnerability":"VCID-7ks5-8e2n-tua4"},{"vulnerability":"VCID-8fmd-jdpb-v7eb"},{"vulnerability":"VCID-8frc-fhvs-bucm"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-8wxg-1wr8-rfca"},{"vulnerability":"VCID-9cft-v9u9-fubh"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bw47-fewt-2fax"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-db3h-q8fp-b3ds"},{"vulnerability":"VCID-dqys-qxtq-7yd9"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-g2pc-1es2-3qer"},{"vulnerability":"VCID-g3k9-1rc3-xfhu"},{"vulnerability":"VCID-g59s-kpjm-dbbg"},{"vulnerability":"VCID-g94m-69qv-8kgk"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-h8hd-mdcx-tben"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-jzhx-dfgg-37ct"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-kn2h-kurp-pbcc"},{"vulnerability":"VCID-kqsz-xg9j-ukeu"},{"vulnerability":"VCID-kta6-5pt1-27at"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-mzv1-uhwm-fqd2"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-p3ja-7zqb-mybj"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-qpvd-b2ru-d7a3"},{"vulnerability":"VCID-qtct-kbdm-z7ed"},{"vulnerability":"VCID-qw96-udhq-q7b6"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-rrcc-k1cq-5ugw"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-u1x7-9n1d-8qb3"},{"vulnerability":"VCID-urzt-z32b-97dp"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-vsx2-9wna-nuf2"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-yb4y-39u3-eufg"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@0.9.12.3-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6323?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}],"aliases":["CVE-2014-0179"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4y-39u3-eufg"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9"}