| Max CVSS | 7.2 | Min CVSS | 4.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10161 | 7.2 |
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac
|
25-03-2021 - 14:09 | 30-07-2019 - 23:15 | |
| CVE-2019-10168 | 4.6 |
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will ex
|
15-10-2020 - 13:28 | 02-08-2019 - 13:15 | |
| CVE-2019-10167 | 4.6 |
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to pro
|
15-10-2020 - 13:28 | 02-08-2019 - 13:15 | |
| CVE-2019-10166 | 4.6 |
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had alre
|
15-10-2020 - 13:28 | 02-08-2019 - 13:15 | |
| CVE-2019-10161 | 7.2 |
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac
|
30-09-2020 - 14:47 | 30-07-2019 - 23:15 |