{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","type":"deb","namespace":"debian","name":"libvirt","version":"5.0.0-4+deb10u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.3.0-2~bpo12+1","latest_non_vulnerable_version":"11.3.0-2~bpo12+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77648?format=json","vulnerability_id":"VCID-4sf9-8j9p-3fgz","summary":"An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17875","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/s
ecurity/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058","reference_id":"1066058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841","reference_id":"2263841","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"htt
ps://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1441","reference_id":"CVE-2024-1441","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablec
ode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-1441"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf9-8j9p-3fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77642?format=json","vulnerability_id":"VCID-53fz-t4zs-7kbk","summary":"A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to 
crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69738","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326","reference_id":"2024326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1759","reference_id":"RHSA-2022:1759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1759"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabiliti
es":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3975"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53fz-t4zs-7kbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77636?format=json","vulnerability_id":"VCID-6pj3-mq9g-yye9","summary":"An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72797","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_
system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190","reference_id":"1828190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447","reference_id":"959447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-12430"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pj3-mq9g-yye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5836?format=json","vulnerability_id":"VCID-abdh-e635-17cp","summary":"privilege 
escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41486","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069","reference_id":"1860069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563","reference_id":"966563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563"},{"reference_url":"https://security.archlinux.org/ASA-202009-8","reference_id":"ASA-202009-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-8"},{"reference_url":"https://security.archlinux.org/AVG-1232","reference_id":"AVG-1232","reference_type":"","scores":[{"value":"High","scoring_s
ystem":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1232"},{"reference_url":"https://security.gentoo.org/glsa/202101-22","reference_id":"GLSA-202101-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-22"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3586","reference_id":"RHSA-2020:3586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-14339"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abdh-e635-17cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77643?format=json","vulnerability_id":"VCID-cjpk-feb2-zqds","summary":"A flaw was found in the libvirt libxl driver. 
A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23267","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535","reference_id":"1002535","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195","reference_id":"2034195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://
public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-4147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpk-feb2-zqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77649?format=json","vulnerability_id":"VCID-gneu-b3qk-q7e4","summary":"A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to 
crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07697","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461","reference_id":"1067461","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115","reference_id":"2270115","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115"},{"reference_url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/","reference_id":"BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ","reference_type":"","scores":[{"v
alue":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:r
edhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2494","reference_id":"CVE-2024-2494","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2494"},{"reference_url":"https://security.gentoo.org/glsa/202412-16","reference_id":"GLSA-202412-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3253","reference_id":"RHSA-2024:3253
","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3253"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2494"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gneu-b3qk-q7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77641?format=json","vulnerability_id":"VCID-j71z-t8bh-wbb4","summary":"An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. 
The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63249","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63292","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094","reference_id":"1986094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594","reference_id":"991594","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594"},{"reference_url":"https://security.archlinux.org/AVG-2230","reference_id":"AVG-2230","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2230"},{"reference_url":"https://securit
y.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3667"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j71z-t8bh-wbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5888?format=json","vulnerability_id":"VCID-kjnb-e6nd-wudn","summary":"denial of 
service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650","reference_id":"1816650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650"},{"reference_url":"https://security.archlinux.org/AVG-1174","reference_id":"AVG-1174","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676"
,"reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10703"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjnb-e6nd-wudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=json","vulnerability_id":"VCID-mtgm-vqw9-1ubf","summary":"qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API 
blockage).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40896","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40973","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740","reference_id":"1809740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078","reference_id":"953078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[]
,"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2019-20485"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtgm-vqw9-1ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77634?format=json","vulnerability_id":"VCID-myg3-46rj-3qax","summary":"A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. 
This flaw affects libvirt versions before 6.2.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47648","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47712","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163","reference_id":"1819163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841","reference_id":"955841","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10701"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myg3-46rj-3qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7269?format=json","vulnerab
ility_id":"VCID-psr7-vapd-6udz","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20917","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2","reference_id":"15073504dbb624d3f6c911e85557019d3620fdb2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/issues/153","reference_id":"153","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"htt
ps://gitlab.com/libvirt/libvirt/-/issues/153"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726","reference_id":"1977726","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709","reference_id":"990709","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709"},{"reference_url":"https://security.archlinux.org/AVG-2124","reference_id":"AVG-2124","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2124"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220331-0010/","reference_id":"ntap-20220331-0010","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220331-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3631","reference_id":"RHSA-2021:3631","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:
05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2021:3631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3631"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psr7-vapd-6udz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77644?format=json","vulnerability_id":"VCID-q2ng-jgm7-8uc9","summary":"A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. 
This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23286","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075","reference_id":"1009075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883","reference_id":"2063883","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883"},{"reference_url":"https://se
curity.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7472","reference_id":"RHSA-2022:7472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8003","reference_id":"RHSA-2022:8003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8003"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"},{"reference_url":"https://usn.ubuntu.com/6126-1/","reference_id":"USN-6126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6126-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2022-0897"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ng-jgm7-8uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3904?format=json","vulnerability_id":"VCID-r61c-726k-bfh5","summary":"arbitrary code 
execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31003","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037","reference_id":"1881037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555","reference_id":"971555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555"},{"reference_url":"https://security.archlinux.org/ASA-202101-42","reference_id":"ASA-202101-42","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-42"},{"reference_url":"https://security.archlinux.org/AVG-1240","reference_id":"AVG-1240","reference_type":"","scores":[{"value":"Critical","sc
oring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1240"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5040","reference_id":"RHSA-2020:5040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5111","reference_id":"RHSA-2020:5111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1762","reference_id":"RHSA-2021:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1762"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-25637"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r61c-726k-bfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77650?format=json","vulnerability_id":"VCID-wtyd-7ppt-23cj","summary":"A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. 
This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672","reference_id":"2269672","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeName
Search=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2496","reference_id":"CVE-2024-2496","reference_type":"","scores":[{"value":"5","scoring_system":"cvs
sv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2236","reference_id":"RHSA-2024:2236","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2236"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2496"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-7ppt-23cj"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77632?format=json","vulnerability_id":"VCID-8u2b-ad6e-ukaw","summary":"A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. 
An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3840","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72589","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72629","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665228","reference_id":"1665228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2294","reference_id":"RHSA-2019:2294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2294"},{"reference_url":"https://usn.ubuntu.com/3909-1/","reference_id":"USN-3909-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3909-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:d
eb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-3840"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2b-ad6e-ukaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77625?format=json","vulnerability_id":"VCID-bzyu-42js-e3e6","summary":"A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. 
A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10132","reference_id":"","reference_type":"","scores":[{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79942","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79967","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706067","reference_id":"1706067","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706067"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334","reference_id":"929334","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1264","reference_id":"RHSA-2019:1264","reference_type":"","
scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1268","reference_id":"RHSA-2019:1268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1455","reference_id":"RHSA-2019:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1455"},{"reference_url":"https://usn.ubuntu.com/4021-1/","reference_id":"USN-4021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10132"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyu-42js-e3e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77623?format=json","vulnerability_id":"VCID-cf81-wpvh-kqa2","summary":"qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU 
reply.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5748","reference_id":"","reference_type":"","scores":[{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81405","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01494","scoring_system":"epss","scoring_elements":"0.81432","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528396","reference_id":"1528396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700","reference_id":"887700","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700"},{"reference_url":"https://security.gentoo.org/glsa/201804-07","reference_id":"GLSA-201804-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-07"},{"reference_url":"https://security.gentoo.org/glsa/201804-08","reference_id":"GLSA-201804-08","reference_type":"","scores":[],"url":"https://security.ge
ntoo.org/glsa/201804-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1396","reference_id":"RHSA-2018:1396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1929","reference_id":"RHSA-2018:1929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1929"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-5748"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf81-wpvh-kqa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77630?format=json","vulnerability_id":"VCID-etr9-c84d-vuhr","summary":"The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. 
Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10168","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45272","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4534","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720118","reference_id":"1720118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720118"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scor
es":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10168"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etr9-c84d-vuhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77628?format=json","vulnerability_id":"VCID-jtjs-y7k7-r7ae","summary":"It was discovered that libvirtd, versions 4.x.x 
before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10166","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33755","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720114","reference_id":"1720114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720114"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa
/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10166"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtjs-y7k7-r7ae"},{"url":"http://public2.vulnerablecode.io/api/
vulnerabilities/77622?format=json","vulnerability_id":"VCID-n2nm-knaw-gkgx","summary":"libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748, which affects the QEMU monitor; the issue can now also be triggered via the QEMU guest agent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1064","reference_id":"","reference_type":"","scores":[{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80952","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550672","reference_id":"1550672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1396","reference_id":"RHSA-2018:1396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1929"
,"reference_id":"RHSA-2018:1929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6325?format=json","purl":"pkg:deb/debian/libvirt@1.2.9-9%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-75av-3nr7-bkh1"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bes6-jjfw-tbdx"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j5b5-zjxe-ffhu"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-k2ku-9mx2-b3a9"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-tk2g-6m19-yqg3"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-x248-nq74-wbbs"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@1.2.9-9%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerab
ility":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-1064"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2nm-knaw-gkgx"},{"url":"http://public2.vulnerablecode.io/api/vu
lnerabilities/77626?format=json","vulnerability_id":"VCID-pqyk-2c8e-5yh5","summary":"It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10161","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49525","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference
_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720115","reference_id":"1720115","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720115"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1578","reference_id":"RHSA-2019:1578","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1578"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"},{"reference_url":"https://usn.ubuntu.com/4047-2/","reference_id":"USN-4047-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerabil
ity":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10161"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqyk-2c8e-5yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77633?format=json","vulnera
bility_id":"VCID-t296-efx6-1yba","summary":"An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3886","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64617","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64658","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3886"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694880","reference_id":"1694880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1694880"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418","reference_id":"926418","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418"},{"reference_url":"http
s://usn.ubuntu.com/4021-1/","reference_id":"USN-4021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-3886"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t296-efx6-1yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77624?format=json","vulnerability_id":"VCID-t414-nm3b-cfev","summary":"util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS 
module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6764","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11115","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1541444","reference_id":"1541444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1541444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839","reference_id":"889839","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889839"},{"reference_url":"https://security.gentoo.org/glsa/201804-07","reference_id":"GLSA-201804-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3113","reference_id":"RHSA-2018:3113","reference_type":"","scores":[],"url":"https://acces
s.redhat.com/errata/RHSA-2018:3113"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2018-6764"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t414-nm3b-cfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77629?format=json","vulnerability_id":"VCID-v25d-upc8-wfh4","summary":"The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. 
Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10167","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37323","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37414","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720117","reference_id":"1720117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1720117"},{"reference_url":"https://security.gentoo.org/glsa/202003-18","reference_id":"GLSA-202003-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-18"},{"refe
rence_url":"https://access.redhat.com/errata/RHSA-2019:1579","reference_id":"RHSA-2019:1579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1580","reference_id":"RHSA-2019:1580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1699","reference_id":"RHSA-2019:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1762","reference_id":"RHSA-2019:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1762"},{"reference_url":"https://usn.ubuntu.com/4047-1/","reference_id":"USN-4047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6327?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8
-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2019-10167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v25d-upc8-wfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77618?format=json","vulnerability_id":"VCID-ztu1-8yz5-tyc6","summary":"libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by 
default.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000256","reference_id":"","reference_type":"","scores":[{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73951","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503658","reference_id":"1503658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503658"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799","reference_id":"878799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799"},{"reference_url":"https://usn.ubuntu.com/3576-1/","reference_id":"USN-3576-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3576-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6326?format=json","purl":"pkg:deb/debian/libvirt@3.0.0-4%2Bdeb9u2~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-8u2b-ad6e-ukaw"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-bzyu-42js-e3e6"},{"vulnerability":"VCID-cf81-wpvh-kqa2"},{"vu
lnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-etr9-c84d-vuhr"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-jtjs-y7k7-r7ae"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-n2nm-knaw-gkgx"},{"vulnerability":"VCID-pqyk-2c8e-5yh5"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-t296-efx6-1yba"},{"vulnerability":"VCID-t414-nm3b-cfev"},{"vulnerability":"VCID-v25d-upc8-wfh4"},{"vulnerability":"VCID-wtyd-7ppt-23cj"},{"vulnerability":"VCID-ztu1-8yz5-tyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@3.0.0-4%252Bdeb9u2~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/6328?format=json","purl":"pkg:deb/debian/libvirt@5.0.0-4%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sf9-8j9p-3fgz"},{"vulnerability":"VCID-53fz-t4zs-7kbk"},{"vulnerability":"VCID-6pj3-mq9g-yye9"},{"vulnerability":"VCID-abdh-e635-17cp"},{"vulnerability":"VCID-cjpk-feb2-zqds"},{"vulnerability":"VCID-gneu-b3qk-q7e4"},{"vulnerability":"VCID-j71z-t8bh-wbb4"},{"vulnerability":"VCID-kjnb-e6nd-wudn"},{"vulnerability":"VCID-mtgm-vqw9-1ubf"},{"vulnerability":"VCID-myg3-46rj-3qax"},{"vulnerability":"VCID-psr7-vapd-6udz"},{"vulnerability":"VCID-q2ng-jgm7-8uc9"},{"vulnerability":"VCID-r61c-726k-bfh5"},{"vulnerability":"VCID-wtyd-7ppt-23cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}],"aliases":["CVE-2017-1000256"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztu1-8yz5-tyc6"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@5.0.0-4%252Bdeb10u1"}