CVE-2013-4154
The CVE-2013-4154 entry concerns libvirt’s qemuAgentCommand path. Affected component: libvirt prior to 1.1.1. When a guest agent is not configured, remote attackers can trigger a NULL pointer dereference via agent based CPU (un)plug vectors (as demonstrated by virsh vcpucount foobar --guest), cau...
CVE-2013-2230
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."...
CVE-2013-4153
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemuagent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command...
CVE-2013-4154
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu unplug," as demonstrated by the "virsh vcpucount foobar --guest" command...
CVE-2013-4292
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remotedriver.c...
CVE-2013-4296
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...
CVE-2013-4239
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function...
CVE-2013-4291
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges...
CVE-2013-4297
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors...
CVE-2013-5651
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune...
CVE-2013-4291
Libvirt CVE-2013-4291 affects virSecurityManagerSetProcessLabel in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1. When a domain has read an uid:gid label, it fails to correctly set group memberships, enabling local users to gain privileges. The description indicates a local privilege escalation path, but ...
CVE-2013-2218
CVE-2013-2218 describes a double-free vulnerability in libvirt 1.0.6, specifically in virConnectListAllInterfaces() within interface/interface_backend_netcf.c. The underlying issue can allow a remote attacker to crash libvirtd (Denial of Service) by using a filtering flag that causes an interface...
CVE-2013-4239
CVE-2013-4239 affects libvirt 1.1.1 via the xenDaemonListDefinedDomains path (xen/xend_internal.c). The vulnerability allows remote authenticated users to trigger memory corruption and a denial of service crash by calling virConnectListDefinedDomains. This is caused in the Xen integration within ...
CVE-2013-4153
CVE-2013-4153: A double free in qemuAgentGetVCPUs in libvirt (libvirt 1.0.6–1.1.0) can be exploited remotely to crash the daemon via a cpu count request (e.g., virsh vcpucount dom --guest). Connected docs confirm the affected component and vulnerability pattern; remediation is available in newer...
CVE-2013-2230
The provided data confirms CVE-2013-2230 affects the libvirt qemu driver (qemu/qemu_driver.c) in libvirt versions prior to 1.1.1. It enables remote authenticated users to trigger a denial of service (daemon crash) via unspecified vectors tied to multiple events registration. The available details...
PT-2013-4938 · Red Hat +1 · Libvirt +1
Name of the Vulnerable Software and Affected Versions: libvirt versions 0.10.2.7, 1.0.5.5, and 1.1.1
Description: The issue arises from the virSecurityManagerSetProcessLabel function in libvirt, which fails to properly set group memberships when the domain has read an uid:gid label. This allows...
PT-2013-4939 · Libvirt · Libvirt
Name of the Vulnerable Software and Affected Versions: libvirt versions 1.1.0 through 1.1.1
Description: The issue allows local users to cause a denial of service, specifically memory consumption, by providing a large number of domain migrate parameters in certain RPC calls. This is related to th...
Debian DSA-2764-1 : libvirt - programming error
Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats function could lead to denial of service. The oldstable distribution (squeeze) is not affected. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
GLSA-201309-18 : libvirt: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201309-18 (libvirt: Multiple vulnerabilities). An error in the virNetMessageFree function in rpc/virnetserverclient.c can lead to a use-after-free. Additionally, a socket leak in the remoteDispatchStoragePoolListAllVolumes command ca...