Lucene search

K
RedhatLibvirt1.0.5.5

13 matches found

CVE
CVE
added 2014/01/24 6:55 p.m.80 views

CVE-2013-6458

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (li...

6.8CVSS8AI score0.00779EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.79 views

CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288...

4.6CVSS8.2AI score0.00033EPSS
CVE
CVE
added 2014/08/03 6:55 p.m.78 views

CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, re...

1.9CVSS7.6AI score0.00114EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.75 views

CVE-2013-4296

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...

4CVSS7.6AI score0.03294EPSS
CVE
CVE
added 2014/08/03 6:55 p.m.74 views

CVE-2014-5177

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, ...

1.2CVSS7.8AI score0.00114EPSS
CVE
CVE
added 2014/01/24 6:55 p.m.69 views

CVE-2014-1447

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

3.3CVSS8AI score0.06277EPSS
CVE
CVE
added 2014/04/15 11:55 p.m.68 views

CVE-2013-6456

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /de...

5.8CVSS6.3AI score0.00245EPSS
CVE
CVE
added 2014/01/24 6:55 p.m.66 views

CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain t...

5.2CVSS8.7AI score0.00135EPSS
CVE
CVE
added 2014/01/07 7:55 p.m.65 views

CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown s...

2.1CVSS7.7AI score0.00068EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.56 views

CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

5CVSS7.8AI score0.00639EPSS
CVE
CVE
added 2014/05/07 10:55 a.m.56 views

CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called ...

1.9CVSS7.7AI score0.00068EPSS
CVE
CVE
added 2014/12/12 3:59 p.m.55 views

CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

4.3CVSS8AI score0.00677EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.52 views

CVE-2013-4291

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

6.9CVSS8.1AI score0.00046EPSS