Redhat Libvirt
44 CVEs affecting Redhat Libvirt. Latest disclosed: 2017-10-31. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-5008 | Critical | 9.8 | 2016-07-13 | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass… |
CVE-2017-1000256 | High | 8.1 | 2017-10-31 | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate S… |
CVE-2014-3672 | Medium | 6.5 | 2016-05-25 | The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout o… |
CVE-2015-5247 | Medium | 6.5 | 2016-04-14 | The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (li… |
CVE-2011-4600 | Medium | 5.9 | 2016-04-14 | The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libv… |
CVE-2015-5313 | Low | 2.5 | 2016-04-11 | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Con… |
CVE-2015-0236 | | 2015-01-29 | libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the vi… | |
CVE-2014-8131 | | 2015-01-06 | The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions… | |
CVE-2014-8136 | | 2014-12-19 | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails… | |
CVE-2014-8135 | | 2014-12-19 | The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a d… | |
CVE-2013-4399 | | 2014-12-12 | The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal… | |
CVE-2014-7823 | | 2014-11-13 | The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, whic… | |
CVE-2014-5177 | | 2014-08-03 | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document co… | |
CVE-2014-0179 | | 2014-08-03 | libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML ext… | |
CVE-2013-7336 | | 2014-05-07 | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migrat… | |
CVE-2013-6456 | | 2014-04-15 | The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and… | |
CVE-2014-1447 | | 2014-01-24 | Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) b… | |
CVE-2014-0028 | | 2014-01-24 | libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitiv… | |
CVE-2013-6458 | | 2014-01-24 | Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in lib… | |
CVE-2013-6457 | | 2014-01-24 | The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which al… |