Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service. Lack of proper handling of a locked virStoragePoolObj object to release on ACL permission failure in the function virStoragePoolLookupByTargetPath allows other users to access storage pool APIs, causing an application crash...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service. The vulnerability exists due to a lingering domain shutdown event in the libxlDomainHandleDeathlibxlDriverPrivate which causes a deadlock situation allowing an attacker to continuously reboot the system and causing an application on the host crash...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service. The vulnerability exists in qemuProcessHandleMonitorEOF function of qemuprocess.c due to a method call using multiple unprotected threads which causes an application crash...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS. qemu/qemudriver.c mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service API blockage...

Remote Code Execution

libvirt.so is vulnerable to remote code execution RCE. The attack is possible because it does not filter emulatorbin arguments that are sent to virConnectGetDomainCapabilities libvirt API. A client with read-only access can send an arbitrary path for this argument to execute arbitrary code on the...

Authorization Bypass

libvirt.so is vulnerable to authorization bypass. A missing SocketMode configuration parameter allows a local user to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons...

Insecure Authorization

libvirt.so is vulnerable to insecure authorization. The readonly permission was allowed to invoke APIs and this can lead to disclosure of confidential information or allow a remote attacker to cause a denial of service condition by causing libvirt to block...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS. The vulnerability is possible because the remoteDispatchDomainMemoryStats function in daemon/remote.c does not assign an uninitialized pointer to the NULL causing pointer dereferencing and allowing an authenticated users to trigger the attack...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS attacks. The library does not properly verify that a disk is attached, leading to race conditions that can cause the application to crash...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS. The attack can be triggered during an RPC connection where an attacker can trigger a se-after-free error through the virNetMessageFree function in rpc/virnetserverclient.c, causing the application to crashing or arbitrary code being executed...

Denial Of Service (DoS)

libvirt.so is susceptible to denial of serviceDoS. The vulnerability exists because the remoteDispatchStoragePoolListAllVolumes function does not free the pool and closes the netcf interface driver, which left two held sockets open...

Information Disclosure

libvirt.so is vulnerable to information disclosures. A malicious user can use the VIRDOMAINXMLMIGRATABLE flag to implicitly enable the VIRDOMAINXMLSECURE flag, allowing a malicious user access to the VNC connection password...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS. The vulnerability is possible because the remoteDispatchDomainMemoryStats function in daemon/remote.c does not assign an uninitialized pointer to the NULL causing pointer dereferencing and allowing an authenticated users to trigger the attack...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS. The attack exists because missing to set identity in the remoteClientFreeFunc function in daemon/remote.c allows the attacker to launch DoS by registering an event handler and then closing the connection...

Code Execution Via Privilege Escalation

libvirt.so is vulnerable to privilege escalation. The vulnerability is possible because failure to check connect:write permission in the virConnectDomainXMLToNative function provides the attacker domain:write privileges to execute Qemu binaries through malicious XML...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS attacks. The library does not properly initialize a nodemap, leading to an invalid free that can crash the application or cause arbitrary code to be executed...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS attacks. The library does not properly verify that a disk is attached, leading to race conditions that can cause the application to crash...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS attacks. The library contains a race condition when handling the keepalive initialization requests, allowing a malicious user to cause the library to crash by closing the connection before the keepalive request is sent...

Out-Of-Bounds Read

libvirt.so is vulnerable to an out-of-bound read. The vulnerability exists in qemuDomainGetBlockIoTune function in qemu/qemudriver.c file because the live definition is used to look up the disk index while the persistant one is indexed which allows an attacker to cause a denial of service conditi...

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS. The attack can be triggered during an RPC connection where an attacker can trigger a use-after-free error through the virNetMessageFree function in rpc/virnetserverclient.c, causing the application to crashing or arbitrary code being executed...