TencentOS Server 3: virt:rhel and virt-devel:rhel (TSSA-2022:0119)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0119 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

SUSE CVE-2019-10132

A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

openSUSE: Security Advisory for libvirt (openSUSE-SU-2021:2812-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for libvirt (moderate)

openSUSE Security Update: Security update for libvirt Announcement ID: openSUSE-SU-2021:2812-1 Rating: moderate References: 1184253 1187871 1188232 1188843 Cross-References: CVE-2021-3631 CVE-2021-3667 CVSS scores: CVE-2021-3631 SUSE: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3667...

CVE-2019-10132

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this...

The vulnerability of the virtlockd-admin.socket and virtlogd-admin.socket modules of the Libvirt management library allows attackers to increase their privileges.

The vulnerability of the virtlockd-admin.socket and virtlogd-admin.socket modules of the Libvirt management library is related to the absence of the SocketMode parameter. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

Authorization Bypass

libvirt.so is vulnerable to authorization bypass. A missing SocketMode configuration parameter allows a local user to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons...

libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this...

CVE-2019-10132

A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

DEBIAN-CVE-2019-10132

A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

CVE-2019-10132

CVE-2019-10132 affects libvirt 4.1.0 and later, specifically the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any host user to connect via virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks on the vir...