Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat libvirt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4400
virt-login-shell in libvirt 1.1.2 up to and including 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
Redhat Libvirt 1.1.2
Redhat Libvirt 1.1.3
2.5
CVSSv3
CVE-2015-5313
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t...
Redhat Libvirt -
6.5
CVSSv3
CVE-2017-2635
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
Redhat Libvirt
6.5
CVSSv3
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value t...
Redhat Libvirt
NA
CVE-2014-8131
The qemu implementation of virConnectGetAllDomainStats in libvirt prior to 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via...
Redhat Libvirt
NA
CVE-2014-8135
The storageVolUpload function in storage/storage_driver.c in libvirt prior to 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload&quo...
Redhat Libvirt -
6.5
CVSSv3
CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as netwo...
Redhat Libvirt
8.8
CVSSv3
CVE-2020-14339
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope...
Redhat Enterprise Linux 8.0
Redhat Libvirt
5.3
CVSSv3
CVE-2023-3750
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-...
Redhat Libvirt -
Redhat Enterprise Linux 9.0
6.5
CVSSv3
CVE-2020-12430
An issue exists in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x prior to 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unpri...
Redhat Libvirt
Redhat Enterprise Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »