Vulnerabilities > Redhat > Libvirt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-18 | CVE-2016-10746 | 7PK - Security Features vulnerability in multiple products libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | 5.0 |
| 2019-04-04 | CVE-2019-3886 | Missing Authorization vulnerability in multiple products An incorrect permissions check was discovered in libvirt 4.8.0 and above. | 5.4 |
| 2019-03-27 | CVE-2019-3840 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. | 6.3 |
| 2018-08-22 | CVE-2017-2635 | NULL Pointer Dereference vulnerability in Redhat Libvirt 2.5.0/3.0.0 A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. | 6.5 |
| 2018-03-28 | CVE-2018-1064 | Resource Exhaustion vulnerability in multiple products libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | 7.5 |
| 2018-02-23 | CVE-2018-6764 | Origin Validation Error vulnerability in multiple products util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | 4.6 |
| 2018-01-25 | CVE-2018-5748 | Resource Exhaustion vulnerability in multiple products qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | 5.0 |
| 2017-10-31 | CVE-2017-1000256 | Improper Certificate Validation vulnerability in multiple products libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | 8.1 |
| 2016-07-13 | CVE-2016-5008 | Improper Access Control vulnerability in multiple products libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | 9.8 |
| 2016-05-25 | CVE-2014-3672 | Resource Exhaustion vulnerability in multiple products The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | 6.5 |