Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2019/08/23 12:0 a.m.40 views

EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to...

8.8CVSS8.1AI score0.00521EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.10 views

The vulnerability of the virConnectGetDomainCapabilities() function in the Libvirt virtualization management library allows a attacker to execute arbitrary code or escalate their privileges.

The vulnerability of the virConnectGetDomainCapabilities function in the Libvirt control library is due to access control errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code or increase their privileges...

4.9CVSS8.1AI score0.00521EPSS
Exploits0References12Affected Software9
Prion
Prion
added 2019/08/02 1:15 p.m.31 views

Code injection

The virConnectGetDomainCapabilities libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients...

4.6CVSS8AI score0.00521EPSS
Exploits0References3Affected Software9
CVE
CVE
added 2019/08/02 12:5 p.m.366 views

CVE-2019-10167

CVE-2019-10167 affects libvirt’s virConnectGetDomainCapabilities() API. The vulnerability arises from an emulatorbin argument that libvirt v1.2.19+ uses to probe domain capabilities; read‑only clients could supply an arbitrary path, causing libvirtd to execute a crafted executable with libvirtd’s...

8.8CVSS7.8AI score0.00521EPSS
Exploits0References3Affected Software1
Oracle linux
Oracle linux
added 2019/07/10 12:0 a.m.102 views

libvirt security update

5.0.0-9.el7 - qemu: remove cpuhostmask and cpuguestmask from virCaps structure Wim ten Have Orabug: 29956508 5.0.0-8.el7 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - domain: Define explicit flags for saved image xml Eric Blake...

8.8CVSS1AI score0.01553EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/07/09 12:0 a.m.40 views

Fedora 30 : libvirt (2019-b2dfb13daf)

CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API bz 1722463, bz 1720115 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients bz 1722462, bz 1720114 - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API bz...

8.8CVSS7.2AI score0.01108EPSS
Exploits1References6
Veracode
Veracode
added 2019/06/25 9:4 a.m.21 views

Remote Code Execution

libvirt.so is vulnerable to remote code execution RCE. The attack is possible because it does not filter emulatorbin arguments that are sent to virConnectGetDomainCapabilities libvirt API. A client with read-only access can send an arbitrary path for this argument to execute arbitrary code on the...

7.8CVSS8.4AI score0.00521EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/06/25 12:0 a.m.38 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:1686-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

8.8CVSS8.2AI score0.00521EPSS
Exploits0References7
CNVD
CNVD
added 2019/06/24 12:0 a.m.2 views

Red Hat libvirt command execution vulnerability (CNVD-2019-19285)

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability exists in Red Hat libvirt versions...

8.8CVSS9.5AI score0.00521EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/06/24 12:0 a.m.39 views

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

8.8CVSS8.2AI score0.00521EPSS
Exploits0References10
Oracle linux
Oracle linux
added 2019/06/21 12:0 a.m.228 views

libvirt security and bug fix update

4.5.0-10.0.1 - added librbd1 as dependency Keshav Sharma 4.5.0-10.el76.12 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only connections CVE-2019-10166 - api: disallow virConnectGetDomainCapabilities on...

8.8CVSS2.2AI score0.00549EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/06/21 12:0 a.m.37 views

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620)

Security Fixes : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients CVE-2019-10166 - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API CVE-2019-10167 - libvirt:...

8.8CVSS8AI score0.00549EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/06/21 12:0 a.m.35 views

RHEL 7 : libvirt (RHSA-2019:1579)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1579 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems...

8.8CVSS8.2AI score0.00549EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2019/06/20 12:0 a.m.42 views

CVE-2019-10167

The virConnectGetDomainCapabilities libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients...

8.8CVSS7.2AI score0.00521EPSS
Exploits0References5
Rows per page
Query Builder