Vulnerabilities > Redhat > Libvirt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-03 | CVE-2013-4311 | Permissions, Privileges, and Access Controls vulnerability in multiple products libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
| 2013-03-20 | CVE-2013-1766 | Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | 3.6 |
| 2012-08-07 | CVE-2012-3445 | Resource Management Errors vulnerability in Redhat Libvirt 0.9.13 The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. | 3.5 |
| 2012-06-17 | CVE-2012-2693 | Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. | 3.7 |