Lucene search
+L
RedhatLibvirt

73 matches found

CVE
CVE
added 2012/06/17 1:0 a.m.89 views

CVE-2012-2693

CVE-2012-2693 affects libvirt (likely before 0.9.12): multiple USB devices with identical vendor/product IDs may be misassigned to a guest, enabling local access to unintended USB devices. The linked advisories indicate fixes in official releases (e.g., MiracleLinux/Oracle Linux advisories refere...

3.7CVSS6.1AI score0.00331EPSS
CVE
CVE
added 2021/05/24 11:55 a.m.89 views

CVE-2021-3559

CVE-2021-3559 : A flaw in libvirt’s virConnectListAllNodeDevices API affects hosts with PCI devices using mediated devices (e.g., GRID driver) and libvirt versions before 7.0.0. An unprivileged client with a read-only connection can crash the libvirt daemon by executing the nodedev-list command, ...

6.5CVSS6.4AI score0.01033EPSS
CVE
CVE
added 2014/01/24 6:0 p.m.88 views

CVE-2013-6457

CVE-2013-6457 concerns the libxlDomainGetNumaParameters function in the libxl driver of libvirt before 1.2.1, which fails to initialize the nodemap. This can enable local users to cause a denial of service (invalid free/crash) and may allow arbitrary code execution via an inactive domain when usi...

5.2CVSS8.7AI score0.00659EPSS
CVE
CVE
added 2012/08/07 9:0 p.m.87 views

CVE-2012-3445

The CVE-2012-3445 issue affects libvirt 0.9.13 through the virTypedParameterArrayClear function. The vulnerability arises when handling virDomain* API calls with typed parameters, enabling remote authenticated users to trigger a denial of service (libvirtd crash) by sending an RPC command with np...

3.5CVSS6.3AI score0.02158EPSS
CVE
CVE
added 2014/01/07 7:0 p.m.87 views

CVE-2013-6436

CVE-2013-6436 affects the libvirt lxc driver. The vulnerability is in lxcDomainGetMemoryParameters in libvirt before the patch/cleanup, where memory tunables are read without properly checking the LXC guest status. A local user can trigger a denial of service (NULL pointer dereference, libvirtd c...

2.1CVSS7.7AI score0.00354EPSS
Web
CVE
CVE
added 2014/01/24 6:0 p.m.87 views

CVE-2014-0028

CVE-2014-0028 affects libvirt 1.1.1 through 1.2.0. The issue enables context-dependent attackers to bypass domain:getattr and connect:search_domains restrictions in ACLs and retrieve sensitive domain object information via the event registration API calls virConnectDomainEventRegister and virConn...

4.3CVSS8.1AI score0.00623EPSS
CVE
CVE
added 2018/08/22 9:0 p.m.85 views

CVE-2017-2635

CVE-2017-2635 describes a NULL pointer dereference in libvirt when handling empty drives, affecting libvirt versions 2.5.0 to 3.0.0. The flaw can be triggered remotely by an authenticated user, crashing the libvirtd daemon and causing denial of service. Connected documents corroborate the same is...

7.7CVSS7.3AI score0.01529EPSS
CVE
CVE
added 2013/03/20 3:0 p.m.83 views

CVE-2013-1766

CVE-2013-1766 affects libvirt (libvirtd) prior to version in Debian squeeze; the daemon would change ownership of device files to the kvm group, enabling local users to write to those devices via unspecified vectors. Impact described as local access to files/devices with potential for partial int...

3.6CVSS6.2AI score0.00382EPSS
CVE
CVE
added 2013/11/02 6:0 p.m.83 views

CVE-2013-4401

CVE-2013-4401 affects libvirt 1.1.0–1.1.3, where virConnectDomainXMLToNative incorrectly checks connect:read instead of connect:write. This mispermission enables a remote attacker to obtain domain:write privileges and may allow execution of Qemu binaries via crafted XML. Public disclosures in var...

8.5CVSS8.6AI score0.01689EPSS
CVE
CVE
added 2013/12/09 11:0 a.m.80 views

CVE-2013-4400

CVE-2013-4400 affects libvirt up to 1.1.3 (1.1.2–1.1.3). Local users can overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments in virt-login-shell. Public references in multiple advisories confirm affected versions and a need to upg...

7.2CVSS8.3AI score0.00352EPSS
CVE
CVE
added 2014/05/07 10:0 a.m.80 views

CVE-2013-7336

CVE-2013-7336 affects libvirt in qemu migration flow. The qemuMigrationWaitForSpice function in qemu/qemu_migration.c fails to properly enter a monitor during seamless SPICE migration, enabling a local user to trigger a NULL pointer dereference and libvirtd crash by racing with qemuMonitorGetSpic...

1.9CVSS7.7AI score0.00327EPSS
CVE
CVE
added 2016/04/14 3:0 p.m.80 views

CVE-2015-5247

The CVE-2015-5247 issue affects libvirt’s virStorageVolCreateXML API in libvirt 1.2.14–1.2.19, where remote authenticated users with a read-write connection can cause a libvirtd crash (denial of service) by triggering a failed unlink after creating a volume on a root_squash NFS pool. This is docu...

6.5CVSS7.1AI score0.0137EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.79 views

CVE-2013-4292

CVE-2013-4292 affects libvirt 1.1.0 and 1.1.1. Local users can cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c. Exploitation details are not provided in the sources; the NVD e...

2.1CVSS7.7AI score0.00339EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.78 views

CVE-2013-4153

CVE-2013-4153 : A double free in qemuAgentGetVCPUs in libvirt (libvirt 1.0.6–1.1.0) can be exploited remotely to crash the daemon via a cpu count request (e.g., virsh vcpucount dom --guest). Connected docs confirm the affected component and vulnerability pattern; remediation is available in newer...

5CVSS6.2AI score0.01676EPSS
CVE
CVE
added 2015/01/06 3:0 p.m.78 views

CVE-2014-8131

CVE-2014-8131 affects the qemu implementation of virConnectGetAllDomainStats in libvirt up to version 1.2.10. When a domain is skipped due to ACL restrictions, locks are not handled properly, enabling a remote authenticated user to trigger a denial of service (deadlock or segmentation fault) by r...

4CVSS7.8AI score0.01461EPSS
CVE
CVE
added 2014/12/19 3:0 p.m.77 views

CVE-2014-8135

The CVE-2014-8135 issue affects libvirt up to version 1.2.11, where storageVolUpload in storage/storage_driver.c fails to check a return value. This allows local attackers to trigger a NULL pointer dereference and daemon crash via a crafted offset in the virsh vol-upload command, causing a local ...

2.1CVSS7.6AI score0.00467EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.76 views

CVE-2013-4291

Libvirt CVE-2013-4291 affects virSecurityManagerSetProcessLabel in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1. When a domain has read an uid:gid label, it fails to correctly set group memberships, enabling local users to gain privileges. The description indicates a local privilege escalation path, but ...

6.9CVSS8.1AI score0.00487EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.76 views

CVE-2013-4297

The CVE-2013-4297 issue affects libvirt up to version 1.1.2, where the virFileNBDDeviceAssociate function in util/virfile.c can trigger a denial of service via an uninitialized pointer dereference when accessed by remote, authenticated users. The vectors are unspecified in the provided documents....

4CVSS7.7AI score0.0197EPSS
CVE
CVE
added 2014/12/12 3:0 p.m.73 views

CVE-2013-4399

The CVE-2013-4399 issue affects libvirt up to version 1.1.3, where remoteClientFreeFunc in daemon/remote.c fails to set an identity when ACLs are used. This can allow an attacker to deny service by registering an event handler and then closing the connection, due to a use-after-free that can cras...

4.3CVSS8AI score0.02084EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.72 views

CVE-2013-4239

CVE-2013-4239 affects libvirt 1.1.1 via the xenDaemonListDefinedDomains path (xen/xend_internal.c). The vulnerability allows remote authenticated users to trigger memory corruption and a denial of service crash by calling virConnectListDefinedDomains. This is caused in the Xen integration within ...

4CVSS7.8AI score0.0197EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.71 views

CVE-2013-2218

CVE-2013-2218 describes a double-free vulnerability in libvirt 1.0.6, specifically in virConnectListAllInterfaces() within interface/interface_backend_netcf.c. The underlying issue can allow a remote attacker to crash libvirtd (Denial of Service) by using a filtering flag that causes an interface...

5CVSS6.2AI score0.08267EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.70 views

CVE-2013-2230

The provided data confirms CVE-2013-2230 affects the libvirt qemu driver (qemu/qemu_driver.c) in libvirt versions prior to 1.1.1. It enables remote authenticated users to trigger a denial of service (daemon crash) via unspecified vectors tied to multiple events registration. The available details...

4CVSS5.9AI score0.02079EPSS
CVE
CVE
added 2013/09/30 9:0 p.m.69 views

CVE-2013-4154

The CVE-2013-4154 entry concerns libvirt’s qemuAgentCommand path. Affected component: libvirt prior to 1.1.1. When a guest agent is not configured, remote attackers can trigger a NULL pointer dereference via agent based CPU (un)plug vectors (as demonstrated by virsh vcpucount foobar --guest), cau...

4.3CVSS6.1AI score0.02202EPSS
Total number of security vulnerabilities73