Vulnerabilities > Redhat > Libvirt

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2021-3559 A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0.
network
low complexity
redhat netapp
6.5
2020-12-03 CVE-2020-14339 Unspecified vulnerability in Redhat Enterprise Linux and Libvirt
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process.
local
low complexity
redhat
8.8
2020-10-06 CVE-2020-25637 A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain.
local
low complexity
redhat opensuse
6.7
2020-06-02 CVE-2020-10703 NULL Pointer Dereference vulnerability in Redhat Libvirt
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path.
network
low complexity
redhat CWE-476
6.5
2020-04-28 CVE-2020-12430 Memory Leak vulnerability in Redhat Enterprise Linux and Libvirt
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0.
network
low complexity
redhat CWE-401
6.5
2020-03-19 CVE-2019-20485 Improper Input Validation vulnerability in multiple products
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
5.7
2019-08-02 CVE-2019-10168 Path Traversal vulnerability in Redhat products
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain.
local
low complexity
redhat CWE-22
7.8
2019-08-02 CVE-2019-10167 Missing Authorization vulnerability in Redhat products
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain.
local
low complexity
redhat CWE-862
7.8
2019-08-02 CVE-2019-10166 Unspecified vulnerability in Redhat products
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files.
local
low complexity
redhat
7.8
2019-07-30 CVE-2019-10161 Missing Authorization vulnerability in multiple products
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process.
local
low complexity
redhat canonical CWE-862
7.8