Vulmon
libvirt vulnerabilities and exploits
4.3
CVSSv3
CVE-2022-0897
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->...
Redhat Libvirt
Netapp Ontap Select Deploy Administration Utility -
6.3
CVSSv3
CVE-2019-3840
A NULL pointer dereference flaw exists in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Redhat Libvirt
Opensuse Leap 42.3
Opensuse Leap 15.0
6.5
CVSSv3
CVE-2021-4147
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Redhat Libvirt
Fedoraproject Fedora 35
Netapp Ontap Select Deploy Administration Utility -
5.4
CVSSv3
CVE-2019-3886
An incorrect permissions check exists in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
Redhat Libvirt
Opensuse Leap 42.3
Fedoraproject Fedora 29
Fedoraproject Fedora 30
6.5
CVSSv3
CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc...
Redhat Libvirt
Redhat Enterprise Linux 8.0
Netapp Ontap Select Deploy Administration Utility -
5.5
CVSSv3
CVE-2023-2700
A vulnerability was found in libvirt. This security flaw occurs when repeatedly querying an SR-IOV PCI device's capabilities, which exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
Redhat Libvirt 4.5.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
6.3
CVSSv3
CVE-2021-3631
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability i...
Redhat Libvirt
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.8
Netapp Ontap Select Deploy Administration Utility -
5.7
CVSSv3
CVE-2019-20485
qemu/qemu_driver.c in libvirt prior to 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows malicious users to cause a denial of service (API blockage).
Redhat Libvirt
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
5.9
CVSSv3
CVE-2011-4600
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt prior to 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote malicious users to bypass intended access restrictions via a (1) DNS or (2)...
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Redhat Libvirt 0.9.8
7.8
CVSSv3
CVE-2019-10161
It was discovered that libvirtd prior to 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could ...
Redhat Libvirt
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Virtualization 4.0
Redhat Virtualization Host 4.0
Canonical Ubuntu Linux 14.04