SUSE CVE-2010-2238
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors...
SUSE CVE-2010-2237
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors...
SUSE CVE-2010-2242
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree...
SUSE CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapsho...
SUSE CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time...
SUSE CVE-2011-2178
The virSecurityManagerGetPrivateData function in security/securitymanager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary...
SUSE CVE-2011-2511
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption...
SUSE CVE-2011-4600
The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query...
SUSE CVE-2012-2693
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices...
SUSE CVE-2012-3360
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element...
SUSE CVE-2012-3411
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query...
SUSE CVE-2012-3445
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read...
SUSE CVE-2012-4423
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table...
SUSE CVE-2012-5625
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume L...
SUSE CVE-2013-0170
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by...
SUSE CVE-2013-0198
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix...
SUSE CVE-2013-1766
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors...
SUSE CVE-2013-1962
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."...
SUSE CVE-2013-2218
Double free vulnerability in the virConnectListAllInterfaces method in interface/interfacebackendnetcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list...
SUSE CVE-2013-2230
The qemu driver (qemu/qemudriver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."...