Vulnerabilities > Redhat > Libvirt > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-14339 Unspecified vulnerability in Redhat Enterprise Linux and Libvirt
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process.
local
low complexity
redhat
8.8
2019-08-02 CVE-2019-10168 Path Traversal vulnerability in Redhat products
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain.
local
low complexity
redhat CWE-22
7.8
2019-08-02 CVE-2019-10167 Missing Authorization vulnerability in Redhat products
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain.
local
low complexity
redhat CWE-862
7.8
2019-08-02 CVE-2019-10166 Unspecified vulnerability in Redhat products
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files.
local
low complexity
redhat
7.8
2019-07-30 CVE-2019-10161 Missing Authorization vulnerability in multiple products
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process.
local
low complexity
redhat canonical CWE-862
7.8
2019-05-22 CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units.
network
low complexity
redhat fedoraproject
8.8
2019-04-18 CVE-2016-10746 7PK - Security Features vulnerability in multiple products
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
network
low complexity
redhat debian CWE-254
7.5
2018-03-28 CVE-2018-1064 Resource Exhaustion vulnerability in multiple products
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
network
low complexity
debian redhat CWE-400
7.5
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
7.8
2018-01-25 CVE-2018-5748 Resource Exhaustion vulnerability in multiple products
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
network
low complexity
redhat debian CWE-400
7.5