Filtered by vendor Redhat
Subscriptions
Filtered by product Libvirt
Subscriptions
Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4400 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. | ||||
| CVE-2013-4291 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges. | ||||
| CVE-2013-4297 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. | ||||
| CVE-2013-4311 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Libvirt | 2024-08-06 | N/A |
| libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-4296 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Libvirt | 2024-08-06 | N/A |
| The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. | ||||
| CVE-2013-4292 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c. | ||||
| CVE-2013-4239 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. | ||||
| CVE-2013-4154 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command. | ||||
| CVE-2013-4153 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. | ||||
| CVE-2013-2218 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command. | ||||
| CVE-2013-2230 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." | ||||
| CVE-2013-1962 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2024-08-06 | N/A |
| The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool." | ||||
| CVE-2013-1766 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | ||||
| CVE-2013-0170 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 12 Ubuntu Linux, Fedora, Opensuse and 9 more | 2024-08-06 | N/A |
| Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. | ||||
| CVE-2014-8136 | 4 Canonical, Mageia, Opensuse and 1 more | 10 Ubuntu Linux, Mageia, Opensuse and 7 more | 2024-08-06 | N/A |
| The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | ||||
| CVE-2014-8135 | 1 Redhat | 1 Libvirt | 2024-08-06 | N/A |
| The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. | ||||
| CVE-2014-7823 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2024-08-06 | N/A |
| The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||||
| CVE-2014-5177 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2024-08-06 | N/A |
| libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. | ||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2024-08-06 | N/A |
| The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | ||||