Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/04 7:31 p.m.4 views

CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

8.2CVSS5.4AI score0.00167EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2020/11/04 1:30 a.m.9 views

libvirt: leak of /dev/mapper/control into QEMU guests

A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of...

8.8CVSS7.3AI score0.00416EPSS
Exploits0References4
Veracode
Veracode
added 2020/08/06 9:32 p.m.36 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service DoS. The vulnerability exists as an issue was discovered in qemuDomainGetStatsIOThread in qemu/qemudriver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...

6.5CVSS3.2AI score0.02294EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2020/04/28 8:15 p.m.23 views

CVE-2020-12430

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemudriver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged user...

6.5CVSS6.2AI score0.02294EPSS
Exploits0References7
Rows per page
Query Builder