Libvirt Security Vulnerabilities and Issues — Libvirt CVE List

Lucene search

RedhatLibvirt

10 matches found

CVE•added 2013/09/30 9:55 p.m.•75 views

CVE-2013-4296

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...

4CVSS7.6AI score0.03294EPSS

CVE•added 2013/09/30 9:55 p.m.•60 views

CVE-2013-4292

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.

2.1CVSS7.7AI score0.00068EPSS

CVE•added 2013/09/30 9:55 p.m.•58 views

CVE-2013-4153

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

5CVSS6.2AI score0.00642EPSS

CVE•added 2013/09/30 9:55 p.m.•56 views

CVE-2013-4297

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

4CVSS7.7AI score0.0058EPSS

CVE•added 2013/09/30 9:55 p.m.•56 views

CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

5CVSS7.8AI score0.00639EPSS

CVE•added 2013/09/30 9:55 p.m.•54 views

CVE-2013-2230

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

4CVSS5.9AI score0.0058EPSS

CVE•added 2013/09/30 9:55 p.m.•53 views

CVE-2013-4239

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.

4CVSS7.8AI score0.0058EPSS

CVE•added 2013/09/30 9:55 p.m.•52 views

CVE-2013-4291

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

6.9CVSS8.1AI score0.00046EPSS

CVE•added 2013/09/30 9:55 p.m.•51 views

CVE-2013-2218

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --i...

5CVSS6.2AI score0.10811EPSS

CVE•added 2013/09/30 9:55 p.m.•51 views

CVE-2013-4154

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

4.3CVSS6.1AI score0.00731EPSS