Vulnerabilities > Redhat > Libvirt > 1.3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-23 | CVE-2021-3975 | Use After Free vulnerability in multiple products A use-after-free flaw was found in libvirt. | 6.5 |
2022-03-25 | CVE-2021-4147 | Improper Locking vulnerability in multiple products A flaw was found in the libvirt libxl driver. | 6.5 |
2021-05-27 | CVE-2020-10701 | Missing Authorization vulnerability in Redhat Libvirt A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. | 4.0 |
2020-10-06 | CVE-2020-25637 | Double Free vulnerability in multiple products A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. | 6.7 |
2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | 7.8 |
2019-05-22 | CVE-2019-10132 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. | 8.8 |
2019-04-18 | CVE-2016-10746 | 7PK - Security Features vulnerability in multiple products libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | 5.0 |
2019-03-27 | CVE-2019-3840 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. | 6.3 |
2018-03-28 | CVE-2018-1064 | Resource Exhaustion vulnerability in multiple products libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | 7.5 |