Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10166 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. | |||||
| CVE-2019-10161 | 2 Canonical, Redhat | 5 Ubuntu Linux, Enterprise Linux, Libvirt and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. | |||||
| CVE-2019-10132 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. | |||||
| CVE-2018-6764 | 3 Canonical, Debian, Redhat | 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | |||||
| CVE-2018-5748 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | |||||
| CVE-2018-1064 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |||||
| CVE-2017-2635 | 1 Redhat | 1 Libvirt | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service. | |||||
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
| CVE-2016-5008 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 4.3 MEDIUM | 9.8 CRITICAL |
| libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | |||||
| CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | |||||
| CVE-2015-5313 | 1 Redhat | 1 Libvirt | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. | |||||
| CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | |||||
| CVE-2015-0236 | 4 Canonical, Mageia, Opensuse and 1 more | 8 Ubuntu Linux, Mageia, Opensuse and 5 more | 2024-11-21 | 3.5 LOW | N/A |
| libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | |||||
| CVE-2014-8136 | 4 Canonical, Mageia, Opensuse and 1 more | 8 Ubuntu Linux, Mageia, Opensuse and 5 more | 2024-11-21 | 2.1 LOW | N/A |
| The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2014-8135 | 1 Redhat | 1 Libvirt | 2024-11-21 | 2.1 LOW | N/A |
| The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. | |||||
| CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2024-11-21 | 4.0 MEDIUM | N/A |
| The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | |||||
| CVE-2014-7823 | 1 Redhat | 1 Libvirt | 2024-11-21 | 5.0 MEDIUM | N/A |
| The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | |||||
| CVE-2014-5177 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2024-11-21 | 1.2 LOW | N/A |
| libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. | |||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
| CVE-2014-1447 | 1 Redhat | 1 Libvirt | 2024-11-21 | 3.3 LOW | N/A |
| Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | |||||