Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libvirt vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2014-8135
The storageVolUpload function in storage/storage_driver.c in libvirt prior to 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload&quo...
Redhat Libvirt -
4
CVSSv2
CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value t...
Redhat Libvirt
4
CVSSv2
CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as netwo...
Redhat Libvirt
6.8
CVSSv2
CVE-2021-21627
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and previous versions allows malicious users to stop hypervisor domains.
Jenkins Libvirt Agents
4
CVSSv2
CVE-2013-4239
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
Redhat Libvirt 1.1.1
3.5
CVSSv2
CVE-2012-3445
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers a...
Redhat Libvirt 0.9.13
5
CVSSv2
CVE-2013-2218
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote malicious users to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by ...
Redhat Libvirt 1.0.6
1 EDB exploit
6.8
CVSSv2
CVE-2019-10471
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Libvirt Slaves
6.9
CVSSv2
CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote malicious users to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceRese...
Redhat Libvirt 0.8.8
4
CVSSv2
CVE-2019-10472
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Libvirt Slaves
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »