Vulnerabilities > Redhat > Libvirt

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units.
network
low complexity
redhat fedoraproject
8.8
2019-04-18 CVE-2016-10746 7PK - Security Features vulnerability in multiple products
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
network
low complexity
redhat debian CWE-254
7.5
2019-04-04 CVE-2019-3886 An incorrect permissions check was discovered in libvirt 4.8.0 and above.
low complexity
redhat opensuse fedoraproject
5.4
2019-03-27 CVE-2019-3840 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent.
network
high complexity
redhat opensuse CWE-476
6.3
2018-08-22 CVE-2017-2635 NULL Pointer Dereference vulnerability in Redhat Libvirt 2.5.0/3.0.0
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives.
network
low complexity
redhat CWE-476
6.5
2018-03-28 CVE-2018-1064 Resource Exhaustion vulnerability in multiple products
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
network
low complexity
debian redhat CWE-400
7.5
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
7.8
2018-01-25 CVE-2018-5748 Resource Exhaustion vulnerability in multiple products
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
network
low complexity
redhat debian CWE-400
7.5
2017-10-31 CVE-2017-1000256 Improper Certificate Validation vulnerability in multiple products
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
network
high complexity
redhat debian CWE-295
8.1
2016-07-13 CVE-2016-5008 Improper Access Control vulnerability in multiple products
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
network
low complexity
redhat debian CWE-284
critical
9.8