Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat libvirt vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2013-4401
The virConnectDomainXMLToNative API function in libvirt 1.1.0 up to and including 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows malicious users to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: so...
Redhat Libvirt 1.1.2
Redhat Libvirt 1.1.1
Redhat Libvirt 1.1.0
Redhat Libvirt 1.1.3
7.7
CVSSv2
CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and previous versions and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_...
Qemu Qemu
Redhat Openstack 4.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Openstack 5.0
Redhat Openstack 7.0
Redhat Enterprise Virtualization 3.0
Redhat Enterprise Linux 5
Xen Xen 4.5.0
Redhat Openstack 6.0
1 EDB exploit
5 Github repositories
3 Articles
7.2
CVSSv2
CVE-2020-14339
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope...
Redhat Enterprise Linux 8.0
Redhat Libvirt
7.2
CVSSv2
CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions prior to 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read...
Redhat Libvirt
Opensuse Leap 15.1
Opensuse Leap 15.2
2 Github repositories
7.2
CVSSv2
CVE-2019-10161
It exists that libvirtd prior to 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could ...
Redhat Libvirt
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Virtualization 4.0
Redhat Virtualization Host 4.0
Canonical Ubuntu Linux 14.04
7.2
CVSSv2
CVE-2013-4400
virt-login-shell in libvirt 1.1.2 up to and including 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
Redhat Libvirt 1.1.2
Redhat Libvirt 1.1.3
6.9
CVSSv2
CVE-2015-3247
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Spice Project Spice 0.12.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Hpc Node 6
6.9
CVSSv2
CVE-2013-4291
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
Redhat Libvirt 0.10.2.7
Redhat Libvirt 1.1.1
Redhat Libvirt 1.0.5.5
6.9
CVSSv2
CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote malicious users to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceRese...
Redhat Libvirt 0.8.8
6.8
CVSSv2
CVE-2017-1000256
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Redhat Libvirt
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »