Vulnerabilities > Redhat > Libvirt

DATE CVE VULNERABILITY TITLE RISK
2016-05-25 CVE-2014-3672 Resource Exhaustion vulnerability in multiple products
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
local
low complexity
redhat xen CWE-400
6.5
2016-04-14 CVE-2015-5247 Improper Access Control vulnerability in multiple products
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
network
low complexity
redhat canonical CWE-284
6.5
2016-04-14 CVE-2011-4600 Improper Access Control vulnerability in multiple products
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.
network
high complexity
canonical redhat CWE-284
5.9
2016-04-11 CVE-2015-5313 Path Traversal vulnerability in Redhat Libvirt
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a ..
local
high complexity
redhat CWE-22
2.5