Lucene search

K
RedhatLibvirt0.8.6

13 matches found

CVE
CVE
added 2011/08/10 8:55 p.m.83 views

CVE-2011-2511

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

4CVSS7.6AI score0.02832EPSS
CVE
CVE
added 2014/01/24 6:55 p.m.80 views

CVE-2013-6458

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (li...

6.8CVSS8AI score0.00779EPSS
CVE
CVE
added 2014/08/03 6:55 p.m.78 views

CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, re...

1.9CVSS7.6AI score0.00114EPSS
CVE
CVE
added 2011/05/31 8:55 p.m.75 views

CVE-2011-1486

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.

3.3CVSS6.3AI score0.00859EPSS
CVE
CVE
added 2014/01/24 6:55 p.m.69 views

CVE-2014-1447

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

3.3CVSS8AI score0.06277EPSS
CVE
CVE
added 2014/01/24 6:55 p.m.66 views

CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain t...

5.2CVSS8.7AI score0.00135EPSS
CVE
CVE
added 2012/11/19 12:10 p.m.65 views

CVE-2012-4423

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.

5CVSS6.3AI score0.0287EPSS
CVE
CVE
added 2012/06/17 3:41 a.m.59 views

CVE-2012-2693

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

3.7CVSS6.1AI score0.00059EPSS
CVE
CVE
added 2013/03/20 3:55 p.m.57 views

CVE-2013-1766

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

3.6CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.56 views

CVE-2013-4297

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

4CVSS7.7AI score0.0058EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.56 views

CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

5CVSS7.8AI score0.00639EPSS
CVE
CVE
added 2014/12/12 3:59 p.m.55 views

CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

4.3CVSS8AI score0.00677EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.54 views

CVE-2013-2230

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

4CVSS5.9AI score0.0058EPSS