Total
71 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10167 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | |||||
CVE-2019-3840 | 2 Opensuse, Redhat | 2 Leap, Libvirt | 2023-12-10 | 3.5 LOW | 6.3 MEDIUM |
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. | |||||
CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | |||||
CVE-2017-2635 | 1 Redhat | 1 Libvirt | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service. | |||||
CVE-2018-1064 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |||||
CVE-2018-6764 | 3 Canonical, Debian, Redhat | 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | |||||
CVE-2018-5748 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | |||||
CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
CVE-2011-4600 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. | |||||
CVE-2015-5313 | 1 Redhat | 1 Libvirt | 2023-12-10 | 1.9 LOW | 2.5 LOW |
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. | |||||
CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | |||||
CVE-2016-5008 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-12-10 | 4.3 MEDIUM | 9.8 CRITICAL |
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | |||||
CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
CVE-2014-1447 | 1 Redhat | 1 Libvirt | 2023-12-10 | 3.3 LOW | N/A |
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | |||||
CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2023-12-10 | 5.8 MEDIUM | N/A |
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. | |||||
CVE-2013-7336 | 2 Opensuse, Redhat | 2 Opensuse, Libvirt | 2023-12-10 | 1.9 LOW | N/A |
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. | |||||
CVE-2014-0028 | 1 Redhat | 1 Libvirt | 2023-12-10 | 4.3 MEDIUM | N/A |
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. | |||||
CVE-2013-6458 | 1 Redhat | 1 Libvirt | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. | |||||
CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2023-12-10 | 4.0 MEDIUM | N/A |
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | |||||
CVE-2013-6457 | 1 Redhat | 1 Libvirt | 2023-12-10 | 5.2 MEDIUM | N/A |
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. |