Vulnerabilities > Redhat > Libvirt > 5.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-18 | CVE-2024-2496 | A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. | 5.5 |
| 2022-08-23 | CVE-2021-3975 | A use-after-free flaw was found in libvirt. | 6.5 |
| 2022-03-02 | CVE-2021-3631 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. | 6.3 |
| 2022-03-02 | CVE-2021-3667 | Improper Locking vulnerability in multiple products An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. | 6.5 |
| 2021-05-27 | CVE-2020-10701 | Unspecified vulnerability in Redhat Libvirt A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. | 6.5 |
| 2020-10-06 | CVE-2020-25637 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. | 6.7 |
| 2020-06-02 | CVE-2020-10703 | NULL Pointer Dereference vulnerability in Redhat Libvirt A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. | 6.5 |
| 2020-04-28 | CVE-2020-12430 | Memory Leak vulnerability in Redhat Enterprise Linux and Libvirt An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. | 6.5 |
| 2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
| 2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 7.8 |