24 matches found
EUVD-2019-13460
Malware in sbrugna...
Oracle Linux 7 : libvirt (ELSA-2019-2294)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2294 advisory. - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only connections...
SUSE CVE-2013-4153
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemuagent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service daemon crash via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command...
SUSE CVE-2013-4154
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service NULL pointer dereference and crash via vectors related to "agent based cpu unplug," as demonstrated by the "virsh vcpucount foobar --guest" command...
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.
...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1367)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : libvirt (ALAS-2019-1361)
A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. CVE-2019-3840 C Tenable Network Security, Inc. The descriptive text and package...
Medium: libvirt
Issue Overview: A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. CVE-2019-3840 Affected Packages: libvirt Note: This advisory is...
libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function
A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...
EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1684)
According to the version of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest ...
EulerOS Virtualization 2.5.3 : libvirt (EulerOS-SA-2019-1367)
According to the version of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An...
CVE-2019-3840
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...
CVE-2019-3840
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...
Null pointer dereference
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...