3825 matches found
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2022-2092)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2022-2045)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2022-2092)
According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilte...
libvirt bug fix and enhancement update
An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...
OESA-2022-1722 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in the libvirt nwfilter driver. The...
Oracle Linux 8 : kvm_utils (ELSA-2022-9460)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9460 advisory. - A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct...
Oracle Linux 7 : libvirt / libvirt-python (ELSA-2022-9433)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9433 advisory. - nwfilter: fix crash when counting number of network filters (Daniel P. Berrange) [Orabug: 33973639] {CVE-2022-0897} libvirt-python Tenable has extracted the precedi...
libvirt libvirt-python security update
libvirt 5.7.0-33.el7 - qemu: refresh vNUMA/SMT pinning. (Wim ten Have) [Orabug: 34083505] - qemu driver: Check exadataConfig and packCPUs whenever vNUMA/SMT applies (Wim ten Have) [Orabug: 34023508] - nwfilter: fix crash when counting number of network filters (Daniel P. Berrange) [Orabug: 33973639]...
GHSA-MM5C-7MPR-99FM CSRF vulnerability in Jenkins Libvirt Agents Plugin
Jenkins Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to stop hypervisor domains. Jenkins Libvirt Agents Plugin 1.9.1 requires POST requests f...
CSRF vulnerability in Jenkins Libvirt Agents Plugin
Jenkins Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to stop hypervisor domains. Jenkins Libvirt Agents Plugin 1.9.1 requires POST requests f...
GHSA-M36J-F2HF-QGJ2 Jenkins Libvirt Slaves Plugin vulnerable to Incorrect Default Permissions
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Libvirt Slaves Plugin vulnerable to Incorrect Default Permissions
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-8J3M-J6X6-CP5V Jenkins Libvirt Slaves Plugin vulnerable to Credential Enumeration
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
GHSA-M295-M3X4-3MMC Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Libvirt Slaves Plugin vulnerable to Credential Enumeration
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
new packages: libvirt-glib
An update is available for libvirt-glib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: libvirt-dbus
An update is available for libvirt-dbus. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: libvirt-python
An update is available for libvirt-python. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
GHSA-M454-CM7H-RQHH OpenStack Nova Directory traversal vulnerability
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element...