Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.1 views

SUSE CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...

6.5CVSS8.5AI score0.00861EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.6 views

The vulnerability of the Libvirt virtualization management library, related to authentication errors, allows a perpetrator to trigger a service failure.

The vulnerability of the Libvirt virtualization management library is related to the lack of authentication, allowing connections to only be set for read-only access. This means that libvirt waits for a response from the guest agent for a specified period of time. Exploiting this vulnerability...

6.5CVSS7.1AI score0.00861EPSS
Exploits0References6Affected Software3
OSV
OSV
added 2021/05/27 7:15 p.m.43 views

CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...

6.5CVSS9.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/05/27 7:15 p.m.22 views

CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...

6.5CVSS6.9AI score0.00861EPSS
Exploits0References1
Veracode
Veracode
added 2020/04/10 12:56 a.m.28 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service. A flaw was found in the way libvirtd handled error reporting for concurrent connections. A remote attacker able to establish read-only connections to libvirtd on a server could use this flaw to crash libvirtd...

3.3CVSS1.7AI score0.01199EPSS
Exploits0References14Affected Software1
Oracle linux
Oracle linux
added 2019/07/10 12:0 a.m.102 views

libvirt security update

5.0.0-9.el7 - qemu: remove cpuhostmask and cpuguestmask from virCaps structure Wim ten Have Orabug: 29956508 5.0.0-8.el7 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - domain: Define explicit flags for saved image xml Eric Blake...

8.8CVSS1AI score0.01553EPSS
Exploits0
OSV
OSV
added 2019/04/18 4:29 p.m.0 views

DEBIAN-CVE-2016-10746

libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886...

7.5CVSS6.9AI score0.02051EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.27 views

Scientific Linux Security Update : libvirt on SL6.x i386/x86_64

It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a...

6.9CVSS7.1AI score0.01532EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2011/07/31 12:0 a.m.44 views

libvirt security, bug fix, and enhancement update

0.8.2-22.0.1.el5 - Replaced docs/et.png in tarball libvirt-0.8.2-22.el5 - Fix auditing of disk hotunplug operations rhbz710151 libvirt-0.8.2-21.el5 - remote: Protect against integer overflow rhbz717207 0.8.2-20.el5 - Support enabling or disabling the HPET for Xen domains rhbz703193 - SMBIOS suppo...

6.9CVSS0.4AI score0.03536EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/04/12 12:0 a.m.33 views

Fedora 14 : libvirt-0.8.3-9.fc14 (2011-4896)

Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe Fix specfil to create /var/lib/libvirt with proper permissions. fix a lack of API check on read-only connections this build fix one crash in the the error handling fix a lack of API check on read-only connections Note that...

6.9CVSS7AI score0.01532EPSS
Exploits0References5
OSV
OSV
added 2011/03/15 5:55 p.m.1 views

DEBIAN-CVE-2011-1146

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service host OS crash or possibly execute arbitrary code via a 1 virNodeDeviceDettach, 2 virNodeDeviceReset, 3 virDomainRevertToSnapsho...

6.9CVSS8.4AI score0.01532EPSS
Exploits0References1
Rows per page
Query Builder