Vulnerabilities > Redhat > Libvirt > 4.8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-23 | CVE-2021-3975 | Use After Free vulnerability in multiple products A use-after-free flaw was found in libvirt. | 6.5 |
| 2021-05-27 | CVE-2020-10701 | Missing Authorization vulnerability in Redhat Libvirt A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. | 4.0 |
| 2020-10-06 | CVE-2020-25637 | Double Free vulnerability in multiple products A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. | 6.7 |
| 2020-06-02 | CVE-2020-10703 | NULL Pointer Dereference vulnerability in Redhat Libvirt A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. | 6.5 |
| 2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
| 2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 4.6 |
| 2019-08-02 | CVE-2019-10167 | Path Traversal vulnerability in Redhat products The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. | 4.6 |
| 2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 4.6 |
| 2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | 7.8 |
| 2019-04-04 | CVE-2019-3886 | Missing Authorization vulnerability in multiple products An incorrect permissions check was discovered in libvirt 4.8.0 and above. | 5.4 |