Max CVSS 9.3 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-5177 1.2
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the
22-04-2019 - 17:48 03-08-2014 - 18:55
CVE-2014-0179 1.9
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompa
22-04-2019 - 17:48 03-08-2014 - 18:55
CVE-2013-0170 9.3
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (c
22-04-2019 - 17:48 08-02-2013 - 20:55
CVE-2013-7336 1.9
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and li
30-10-2018 - 16:27 07-05-2014 - 10:55
CVE-2011-2511 4.0
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
29-08-2017 - 01:29 10-08-2011 - 20:55
CVE-2013-6456 5.8
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virD
03-01-2015 - 02:22 15-04-2014 - 23:55
CVE-2013-6457 5.2
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibl
03-01-2015 - 02:21 24-01-2014 - 18:55
CVE-2013-6458 6.8
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote rea
03-01-2015 - 02:19 24-01-2014 - 18:55
CVE-2014-0028 4.3
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2)
03-01-2015 - 02:08 24-01-2014 - 18:55
CVE-2014-1447 3.3
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
03-01-2015 - 01:44 24-01-2014 - 18:55
CVE-2013-5651 5.0
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
03-01-2015 - 01:01 30-09-2013 - 21:55
CVE-2013-4292 2.1
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
02-01-2015 - 16:23 30-09-2013 - 21:55
CVE-2013-4153 5.0
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom -
11-10-2013 - 16:01 30-09-2013 - 21:55
CVE-2013-2218 5.0
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skip
11-10-2013 - 16:01 30-09-2013 - 21:55
CVE-2013-4154 4.3
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated
11-10-2013 - 15:18 30-09-2013 - 21:55
CVE-2013-2230 4.0
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
04-10-2013 - 16:43 30-09-2013 - 21:55
CVE-2013-4239 4.0
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
01-10-2013 - 15:16 30-09-2013 - 21:55
CVE-2013-4291 6.9
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
01-10-2013 - 15:00 30-09-2013 - 21:55
CVE-2011-2178 4.4
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" an
02-08-2012 - 04:00 10-08-2011 - 20:55
CVE-2010-2242 2.1
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copyi
30-10-2010 - 05:41 19-08-2010 - 18:00
Back to Top Mark selected
Back to Top