Lucene search
K

15 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.3 views

SUSE CVE-2014-3633

The qemuDomainGetBlockIoTune function in qemu/qemudriver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service crash or read sensitive heap information via a crafted blkiotune query, which triggers an...

5.8CVSS6.7AI score0.02751EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.1 views

SUSE CVE-2014-8136

The 1 qemuDomainMigratePerform and 2 qemuDomainMigrateFinish2 functions in qemu/qemudriver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors...

2.1CVSS6.5AI score0.00394EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.2 views

SUSE CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

7.5CVSS8.8AI score0.00529EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2022/09/21 12:0 a.m.6 views

The vulnerability of the qemuDomainGetStatsIOThread function in the qemu_driver.c component of the Libvirt virtualization management library allows a attacker to cause a service failure.

The vulnerability of the qemuDomainGetStatsIOThread function in the qemudriver.c component of the Libvirt control library is related to improper memory release before deleting the last references. Exploiting this vulnerability allows an attacker to trigger a service failure remotely...

6.8CVSS6.8AI score0.02294EPSS
Exploits0References8Affected Software3
Tenable Nessus
Tenable Nessus
added 2022/05/02 12:0 a.m.40 views

Ubuntu 18.04 LTS / 20.04 LTS : libvirt vulnerabilities (USN-5399-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5399-1 advisory. It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvir...

7.2CVSS6.6AI score0.01366EPSS
Exploits1References7
Rosalinux
Rosalinux
added 2021/07/02 5:20 p.m.32 views

Advisory ROSA-SA-2021-1899

Software: libvirt 4.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-25637 CVE-Crit: MEDIUM CVE-DESC: A double free memory issue has been detected in libvirt APIs in versions prior to 6.8.0 responsible for querying information about network interfaces of a running QEMU domain. This flaw affects the polkit...

7.2CVSS6.7AI score0.00529EPSS
Exploits0
OSV
OSV
added 2020/10/06 2:15 p.m.1 views

ALPINE-CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

6.7CVSS6.9AI score0.00529EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/10/06 2:15 p.m.36 views

CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

7.2CVSS6.8AI score0.00529EPSS
Exploits0References2
OSV
OSV
added 2020/10/06 2:15 p.m.5 views

UBUNTU-CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

6.7CVSS6.8AI score0.00529EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/10/06 12:0 a.m.32 views

CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

6.7AI score0.00529EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2020/10/06 12:0 a.m.60 views

CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

7.2CVSS6.9AI score0.00529EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/09/30 4:19 p.m.40 views

CVE-2020-25637

A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...

7.2CVSS2.4AI score0.00529EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2014/12/18 12:0 a.m.3 views

PT-2014-8426 · Red Hat +4 · Libvirt +5

Name of the Vulnerable Software and Affected Versions: libvirt affected versions not specified Description: The issue is related to the qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu driver.c. These functions do not unlock the domain when an ACL check fails, allowing...

6.5CVSS5.4AI score0.02791EPSS
Exploits1References117
OSV
OSV
added 2014/11/11 4:32 p.m.5 views

USN-2404-1 libvirt vulnerabilities

Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. CVE-2014-3657 Eric Blake discovered that libvirt incorrectly handled permissions whe...

5CVSS6.8AI score0.02791EPSS
Exploits0References3
OSV
OSV
added 2014/10/06 2:55 p.m.0 views

DEBIAN-CVE-2014-3633

The qemuDomainGetBlockIoTune function in qemu/qemudriver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service crash or read sensitive heap information via a crafted blkiotune query, which triggers an...

5.8CVSS6.8AI score0.02751EPSS
Exploits0References1
Rows per page
Query Builder