{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","type":"deb","namespace":"debian","name":"libvirt","version":"7.0.0-3+deb11u3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.3.0-2~bpo12+1","latest_non_vulnerable_version":"11.3.0-2~bpo12+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72580?format=json","vulnerability_id":"VCID-gt15-erjf-tucj","summary":"libvirt: Denial of service in XML parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12748.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12748","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28814","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120584","reference_id":"1120584","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120584"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413801","reference_id":"2413801","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413801"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.2","reference_id":"cpe:/o:redhat:enterprise_linux:10.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12748","reference_id":"CVE-2025-12748","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18326","reference_id":"RHSA-2026:18326","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:18326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18748","reference_id":"RHSA-2026:18748","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T14:40:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:18748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/511631?format=json","purl":"pkg:deb/debian/libvirt@11.3.0-2~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@11.3.0-2~bpo12%252B1"}],"aliases":["CVE-2025-12748"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gt15-erjf-tucj"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77648?format=json","vulnerability_id":"VCID-4sf9-8j9p-3fgz","summary":"An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17875","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1441"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058","reference_id":"1066058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841","reference_id":"2263841","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263841"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1441","reference_id":"CVE-2024-1441","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:29:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-1441"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf9-8j9p-3fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77642?format=json","vulnerability_id":"VCID-53fz-t4zs-7kbk","summary":"A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69738","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326","reference_id":"2024326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1759","reference_id":"RHSA-2022:1759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1759"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3975"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53fz-t4zs-7kbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77636?format=json","vulnerability_id":"VCID-6pj3-mq9g-yye9","summary":"An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12430.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72797","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190","reference_id":"1828190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447","reference_id":"959447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-12430"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pj3-mq9g-yye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5836?format=json","vulnerability_id":"VCID-abdh-e635-17cp","summary":"privilege escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14339.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41486","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069","reference_id":"1860069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563","reference_id":"966563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563"},{"reference_url":"https://security.archlinux.org/ASA-202009-8","reference_id":"ASA-202009-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-8"},{"reference_url":"https://security.archlinux.org/AVG-1232","reference_id":"AVG-1232","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1232"},{"reference_url":"https://security.gentoo.org/glsa/202101-22","reference_id":"GLSA-202101-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-22"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3586","reference_id":"RHSA-2020:3586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-14339"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abdh-e635-17cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77643?format=json","vulnerability_id":"VCID-cjpk-feb2-zqds","summary":"A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23267","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4147"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535","reference_id":"1002535","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195","reference_id":"2034195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034195"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-4147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpk-feb2-zqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77649?format=json","vulnerability_id":"VCID-gneu-b3qk-q7e4","summary":"A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07697","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461","reference_id":"1067461","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115","reference_id":"2270115","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270115"},{"reference_url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/","reference_id":"BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2494","reference_id":"CVE-2024-2494","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2494"},{"reference_url":"https://security.gentoo.org/glsa/202412-16","reference_id":"GLSA-202412-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2560","reference_id":"RHSA-2024:2560","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3253","reference_id":"RHSA-2024:3253","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T15:14:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3253"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"},{"reference_url":"https://usn.ubuntu.com/6734-2/","reference_id":"USN-6734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2494"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gneu-b3qk-q7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77641?format=json","vulnerability_id":"VCID-j71z-t8bh-wbb4","summary":"An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63249","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63292","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094","reference_id":"1986094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594","reference_id":"991594","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594"},{"reference_url":"https://security.archlinux.org/AVG-2230","reference_id":"AVG-2230","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2230"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3667"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j71z-t8bh-wbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5888?format=json","vulnerability_id":"VCID-kjnb-e6nd-wudn","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10703.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650","reference_id":"1816650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650"},{"reference_url":"https://security.archlinux.org/AVG-1174","reference_id":"AVG-1174","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"},{"reference_url":"https://usn.ubuntu.com/4371-1/","reference_id":"USN-4371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10703"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjnb-e6nd-wudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=json","vulnerability_id":"VCID-mtgm-vqw9-1ubf","summary":"qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40896","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40973","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740","reference_id":"1809740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078","reference_id":"953078","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4000","reference_id":"RHSA-2020:4000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4676","reference_id":"RHSA-2020:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2019-20485"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtgm-vqw9-1ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77634?format=json","vulnerability_id":"VCID-myg3-46rj-3qax","summary":"A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47648","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47712","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163","reference_id":"1819163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841","reference_id":"955841","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-10701"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myg3-46rj-3qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7269?format=json","vulnerability_id":"VCID-psr7-vapd-6udz","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20917","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2","reference_id":"15073504dbb624d3f6c911e85557019d3620fdb2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"},{"reference_url":"https://gitlab.com/libvirt/libvirt/-/issues/153","reference_id":"153","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://gitlab.com/libvirt/libvirt/-/issues/153"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726","reference_id":"1977726","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977726"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709","reference_id":"990709","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709"},{"reference_url":"https://security.archlinux.org/AVG-2124","reference_id":"AVG-2124","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2124"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220331-0010/","reference_id":"ntap-20220331-0010","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220331-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3631","reference_id":"RHSA-2021:3631","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:33:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2021:3631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3703","reference_id":"RHSA-2021:3703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3704","reference_id":"RHSA-2021:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4191","reference_id":"RHSA-2021:4191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4191"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2021-3631"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psr7-vapd-6udz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77644?format=json","vulnerability_id":"VCID-q2ng-jgm7-8uc9","summary":"A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23286","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075","reference_id":"1009075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883","reference_id":"2063883","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063883"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-08T15:53:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7472","reference_id":"RHSA-2022:7472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8003","reference_id":"RHSA-2022:8003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8003"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"},{"reference_url":"https://usn.ubuntu.com/6126-1/","reference_id":"USN-6126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6126-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2022-0897"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ng-jgm7-8uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3904?format=json","vulnerability_id":"VCID-r61c-726k-bfh5","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31003","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25637"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037","reference_id":"1881037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881037"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555","reference_id":"971555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555"},{"reference_url":"https://security.archlinux.org/ASA-202101-42","reference_id":"ASA-202101-42","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-42"},{"reference_url":"https://security.archlinux.org/AVG-1240","reference_id":"AVG-1240","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1240"},{"reference_url":"https://security.gentoo.org/glsa/202210-06","reference_id":"GLSA-202210-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5040","reference_id":"RHSA-2020:5040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5111","reference_id":"RHSA-2020:5111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1762","reference_id":"RHSA-2021:1762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1762"},{"reference_url":"https://usn.ubuntu.com/5399-1/","reference_id":"USN-5399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2020-25637"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r61c-726k-bfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77650?format=json","vulnerability_id":"VCID-wtyd-7ppt-23cj","summary":"A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672","reference_id":"2269672","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269672"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8","reference_id":"cpe:/a:redhat:advanced_virtualization:8::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_virtualization:8::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2496","reference_id":"CVE-2024-2496","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2236","reference_id":"RHSA-2024:2236","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:25:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2236"},{"reference_url":"https://usn.ubuntu.com/6734-1/","reference_id":"USN-6734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6734-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6329?format=json","purl":"pkg:deb/debian/libvirt@7.0.0-3%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gt15-erjf-tucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}],"aliases":["CVE-2024-2496"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-7ppt-23cj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvirt@7.0.0-3%252Bdeb11u3"}