Filtered by vendor Redhat Subscriptions
Filtered by product Libvirt Subscriptions
Total 72 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-1447 1 Redhat 2 Enterprise Linux, Libvirt 2024-08-06 N/A
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
CVE-2014-0179 2 Opensuse, Redhat 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more 2024-08-06 N/A
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
CVE-2014-0028 1 Redhat 1 Libvirt 2024-08-06 N/A
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
CVE-2015-5313 1 Redhat 3 Enterprise Linux, Libvirt, Storage 2024-08-06 N/A
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
CVE-2015-5247 2 Canonical, Redhat 2 Ubuntu Linux, Libvirt 2024-08-06 N/A
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
CVE-2015-0236 4 Canonical, Mageia, Opensuse and 1 more 10 Ubuntu Linux, Mageia, Opensuse and 7 more 2024-08-06 N/A
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
CVE-2016-10746 2 Debian, Redhat 2 Debian Linux, Libvirt 2024-08-06 N/A
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
CVE-2016-5008 2 Debian, Redhat 4 Debian Linux, Enterprise Linux, Libvirt and 1 more 2024-08-06 N/A
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
CVE-2017-1000256 2 Debian, Redhat 2 Debian Linux, Libvirt 2024-08-05 8.1 High
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
CVE-2017-2635 1 Redhat 1 Libvirt 2024-08-05 N/A
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
CVE-2018-6764 3 Canonical, Debian, Redhat 8 Ubuntu Linux, Debian Linux, Enterprise Linux and 5 more 2024-08-05 N/A
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
CVE-2018-5748 2 Debian, Redhat 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-08-05 N/A
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2019-20485 3 Debian, Fedoraproject, Redhat 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2024-08-05 5.7 Medium
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
CVE-2019-10168 1 Redhat 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-08-04 7.8 High
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10161 2 Canonical, Redhat 6 Ubuntu Linux, Advanced Virtualization, Enterprise Linux and 3 more 2024-08-04 7.8 High
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
CVE-2019-10167 1 Redhat 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-08-04 7.8 High
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10166 1 Redhat 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-08-04 7.8 High
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
CVE-2019-10132 2 Fedoraproject, Redhat 4 Fedora, Advanced Virtualization, Enterprise Linux and 1 more 2024-08-04 N/A
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
CVE-2019-3886 3 Fedoraproject, Opensuse, Redhat 4 Fedora, Leap, Advanced Virtualization and 1 more 2024-08-04 5.4 Medium
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
CVE-2019-3840 2 Opensuse, Redhat 3 Leap, Enterprise Linux, Libvirt 2024-08-04 N/A
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.