Vulnerabilities > Redhat > Libvirt > 4.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-18 | CVE-2024-2496 | A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. | 5.5 |
| 2022-08-23 | CVE-2021-3975 | A use-after-free flaw was found in libvirt. | 6.5 |
| 2022-03-02 | CVE-2021-3631 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. | 6.3 |
| 2021-05-27 | CVE-2020-10701 | Unspecified vulnerability in Redhat Libvirt A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. | 6.5 |
| 2020-10-06 | CVE-2020-25637 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. | 6.7 |
| 2020-06-02 | CVE-2020-10703 | NULL Pointer Dereference vulnerability in Redhat Libvirt A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. | 6.5 |
| 2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
| 2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 7.8 |
| 2019-08-02 | CVE-2019-10167 | Missing Authorization vulnerability in Redhat products The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. | 7.8 |
| 2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 7.8 |