11 matches found
SUSE CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
The vulnerability of the Libvirt virtualization management library, related to authentication errors, allows a perpetrator to trigger a service failure.
The vulnerability of the Libvirt virtualization management library is related to the lack of authentication, allowing connections to only be set for read-only access. This means that libvirt waits for a response from the guest agent for a specified period of time. Exploiting this vulnerability...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
Denial Of Service (DoS)
libvirt is vulnerable to denial of service. A flaw was found in the way libvirtd handled error reporting for concurrent connections. A remote attacker able to establish read-only connections to libvirtd on a server could use this flaw to crash libvirtd...
libvirt security update
5.0.0-9.el7 - qemu: remove cpuhostmask and cpuguestmask from virCaps structure Wim ten Have Orabug: 29956508 5.0.0-8.el7 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - domain: Define explicit flags for saved image xml Eric Blake...
DEBIAN-CVE-2016-10746
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886...
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a...
libvirt security, bug fix, and enhancement update
0.8.2-22.0.1.el5 - Replaced docs/et.png in tarball libvirt-0.8.2-22.el5 - Fix auditing of disk hotunplug operations rhbz710151 libvirt-0.8.2-21.el5 - remote: Protect against integer overflow rhbz717207 0.8.2-20.el5 - Support enabling or disabling the HPET for Xen domains rhbz703193 - SMBIOS suppo...
Fedora 14 : libvirt-0.8.3-9.fc14 (2011-4896)
Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe Fix specfil to create /var/lib/libvirt with proper permissions. fix a lack of API check on read-only connections this build fix one crash in the the error handling fix a lack of API check on read-only connections Note that...
DEBIAN-CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service host OS crash or possibly execute arbitrary code via a 1 virNodeDeviceDettach, 2 virNodeDeviceReset, 3 virDomainRevertToSnapsho...