Vulnerabilities > Redhat > Libvirt > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2021-3559 A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0.
network
low complexity
redhat netapp
6.5
2020-10-06 CVE-2020-25637 A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain.
local
low complexity
redhat opensuse
6.7
2020-06-02 CVE-2020-10703 NULL Pointer Dereference vulnerability in Redhat Libvirt
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path.
network
low complexity
redhat CWE-476
6.5
2020-04-28 CVE-2020-12430 Memory Leak vulnerability in Redhat Enterprise Linux and Libvirt
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0.
network
low complexity
redhat CWE-401
6.5
2020-03-19 CVE-2019-20485 Improper Input Validation vulnerability in multiple products
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
5.7
2019-04-04 CVE-2019-3886 An incorrect permissions check was discovered in libvirt 4.8.0 and above.
low complexity
redhat opensuse fedoraproject
5.4
2019-03-27 CVE-2019-3840 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent.
network
high complexity
redhat opensuse CWE-476
6.3
2018-08-22 CVE-2017-2635 NULL Pointer Dereference vulnerability in Redhat Libvirt 2.5.0/3.0.0
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives.
network
low complexity
redhat CWE-476
6.5
2016-05-25 CVE-2014-3672 Resource Exhaustion vulnerability in multiple products
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
local
low complexity
redhat xen CWE-400
6.5
2016-04-14 CVE-2015-5247 Improper Access Control vulnerability in multiple products
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
network
low complexity
redhat canonical CWE-284
6.5