Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libvirt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-2178
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 up to and including 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" ...
Redhat Libvirt 0.9.0
Redhat Libvirt 0.8.8
Redhat Libvirt 0.9.1
NA
CVE-2013-4291
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
Redhat Libvirt 0.10.2.7
Redhat Libvirt 1.1.1
Redhat Libvirt 1.0.5.5
NA
CVE-2009-0036
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the ...
Libvirt Libvirt 0.5.1
1 EDB exploit
6.5
CVSSv3
CVE-2015-5247
The virStorageVolCreateXML API in libvirt 1.2.14 up to and including 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
Redhat Libvirt 1.2.18
Redhat Libvirt 1.2.19
Redhat Libvirt 1.2.15
Redhat Libvirt 1.2.17
Redhat Libvirt 1.2.14
Redhat Libvirt 1.2.16
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
NA
CVE-2013-4400
virt-login-shell in libvirt 1.1.2 up to and including 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
Redhat Libvirt 1.1.2
Redhat Libvirt 1.1.3
NA
CVE-2013-4153
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 up to and including 1.1.0 allows remote malicious users to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest&...
Redhat Libvirt 1.0.6
Redhat Libvirt 1.1.0
NA
CVE-2013-4292
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
Redhat Libvirt 1.1.1
Redhat Libvirt 1.1.0
6.5
CVSSv3
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value t...
Redhat Libvirt
NA
CVE-2014-8131
The qemu implementation of virConnectGetAllDomainStats in libvirt prior to 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via...
Redhat Libvirt
6.5
CVSSv3
CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as netwo...
Redhat Libvirt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »