Vulnerabilities > Redhat > Libvirt > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-03 | CVE-2020-14339 | Missing Release of Resource after Effective Lifetime vulnerability in Redhat Enterprise Linux and Libvirt A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. | 8.8 |
| 2019-07-30 | CVE-2019-10161 | Missing Authorization vulnerability in multiple products It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. | 7.8 |
| 2019-05-22 | CVE-2019-10132 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. | 8.8 |
| 2018-03-28 | CVE-2018-1064 | Resource Exhaustion vulnerability in multiple products libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | 7.5 |
| 2017-10-31 | CVE-2017-1000256 | Improper Certificate Validation vulnerability in multiple products libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | 8.1 |