Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2010-2239

Published: 19/08/2010 Updated: 30/10/2010
CVSS v2 Base Score: 4.4 | Impact Score: 6.9 | Exploitability Score: 2.7
VMScore: 392
Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N
Subscribe to Libvirt

Vulnerability Summary

Red Hat libvirt, possibly 0.6.0 up to and including 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

libvirt libvirt 0.7.0

libvirt libvirt 0.7.1

libvirt libvirt 0.7.2

libvirt libvirt 0.8.1

libvirt libvirt 0.8.2

libvirt libvirt 0.6.4

libvirt libvirt 0.6.5

libvirt libvirt 0.7.7

libvirt libvirt 0.8.0

libvirt libvirt 0.6.2

libvirt libvirt 0.6.3

libvirt libvirt 0.7.5

libvirt libvirt 0.7.6

libvirt libvirt 0.6.1

libvirt libvirt 0.7.3

libvirt libvirt 0.7.4

libvirt libvirt 0.6.0

Vendor Advisories

Red Hat: Low: libvirt security and bug fix update
Synopsis Low: libvirt security and bug fix update Type/Severity Security Advisory: Low Topic Updated libvirt packages that fix two security issues and three bugs arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having lowsecurity impact Common Vuln ...
Ubuntu Security Notice: libvirt regression
This update restores ‘host_device’ support for domain XML on Ubuntu 1004 LTS ...
Ubuntu Security Notice: libvirt vulnerabilities
Guest VMs could be made to circumvent security protections to access resources on the host ...
Ubuntu Security Notice: libvirt update
This update reenables recent bug fixes ...
Ubuntu Security Notice: virtinst update
Updated virtinst for use with the new libvirt ...

References

CWE-264https://bugzilla.redhat.com/show_bug.cgi?id=607812http://www.vupen.com/english/advisories/2010/2062http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.htmlhttp://libvirt.org/news.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0615.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlhttp://ubuntu.com/usn/usn-1008-2http://ubuntu.com/usn/usn-1008-1http://www.vupen.com/english/advisories/2010/2763http://ubuntu.com/usn/usn-1008-3https://access.redhat.com/errata/RHSA-2010:0615https://nvd.nist.govhttps://usn.ubuntu.com/1008-4/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook