Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libvirt vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-3411
Dnsmasq prior to 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote malicious users to cause a denial of service (traffic amplification) via a spoofed DNS query.
Thekelleys Dnsmasq
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
NA
CVE-2024-2496
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perfo...
4.3
CVSSv2
CVE-2012-5625
OpenStack Compute (Nova) Folsom prior to 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows malicious users to obtain sensitive information by reading the memory of ...
Openstack Folsom 2012.2
Openstack Grizzly -
6.4
CVSSv2
CVE-2015-3294
The tcp_request function in Dnsmasq prior to 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote malicious users to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
Thekelleys Dnsmasq
Oracle Solaris 11.2
NA
CVE-2022-44020
An issue exists in OpenStack Sushy-Tools up to and including 0.21.0 and VirtualBMC up to and including 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, ...
Opendev Sushy-tools
Opendev Virtualbmc
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
4.6
CVSSv2
CVE-2020-15708
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
Canonical Ubuntu Linux 20.04
5.5
CVSSv2
CVE-2012-3360
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of...
Openstack Folsom 2012.2
Openstack Essex 2012.1
1.9
CVSSv2
CVE-2015-4037
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and previous versions creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
Qemu Qemu
4.7
CVSSv2
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products c...
Intel Microarchitectural Data Sampling Uncacheable Memory Firmware -
Fedoraproject Fedora 29
3 Github repositories
1 Article
4.7
CVSSv2
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found...
Intel Microarchitectural Store Buffer Data Sampling Firmware -
Fedoraproject Fedora 29
3 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »