Max CVSS | 8.5 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-4297 | 4.0 |
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
|
13-02-2023 - 04:46 | 30-09-2013 - 21:55 | |
CVE-2013-4400 | 7.2 |
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
|
13-02-2023 - 04:46 | 09-12-2013 - 16:36 | |
CVE-2013-4401 | 8.5 |
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted X
|
13-02-2023 - 04:46 | 02-11-2013 - 18:55 | |
CVE-2013-4292 | 2.1 |
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
|
13-02-2023 - 04:45 | 30-09-2013 - 21:55 | |
CVE-2014-3633 | 5.8 |
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via
|
13-02-2023 - 00:41 | 06-10-2014 - 14:55 | |
CVE-2014-0179 | 1.9 |
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompa
|
13-02-2023 - 00:35 | 03-08-2014 - 18:55 | |
CVE-2013-6456 | 5.8 |
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virD
|
13-02-2023 - 00:29 | 15-04-2014 - 23:55 | |
CVE-2013-6436 | 2.1 |
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference
|
13-02-2023 - 00:29 | 07-01-2014 - 19:55 | |
CVE-2013-4296 | 4.0 |
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized po
|
13-02-2023 - 00:28 | 30-09-2013 - 21:55 | |
CVE-2014-5177 | 1.2 |
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the
|
22-04-2019 - 17:48 | 03-08-2014 - 18:55 | |
CVE-2013-7336 | 1.9 |
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and li
|
30-10-2018 - 16:27 | 07-05-2014 - 10:55 | |
CVE-2014-7823 | 5.0 |
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
|
03-01-2017 - 02:59 | 13-11-2014 - 21:32 | |
CVE-2013-6457 | 5.2 |
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibl
|
03-01-2015 - 02:21 | 24-01-2014 - 18:55 | |
CVE-2013-6458 | 6.8 |
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote rea
|
03-01-2015 - 02:19 | 24-01-2014 - 18:55 | |
CVE-2014-0028 | 4.3 |
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2)
|
03-01-2015 - 02:08 | 24-01-2014 - 18:55 | |
CVE-2014-1447 | 3.3 |
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
|
03-01-2015 - 01:44 | 24-01-2014 - 18:55 | |
CVE-2013-5651 | 5.0 |
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
|
03-01-2015 - 01:01 | 30-09-2013 - 21:55 | |
CVE-2013-4399 | 4.3 |
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) b
|
15-12-2014 - 19:10 | 12-12-2014 - 15:59 |