Vulnerabilities > Redhat > Libvirt > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2021-3559 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. | 4.0 |
| 2020-10-06 | CVE-2020-25637 | Double Free vulnerability in multiple products A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. | 6.7 |
| 2020-06-02 | CVE-2020-10703 | NULL Pointer Dereference vulnerability in Redhat Libvirt A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. | 6.5 |
| 2020-04-28 | CVE-2020-12430 | Memory Leak vulnerability in Redhat Enterprise Linux and Libvirt An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. | 6.5 |
| 2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
| 2019-08-02 | CVE-2019-10168 | Path Traversal vulnerability in Redhat products The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. | 4.6 |
| 2019-08-02 | CVE-2019-10167 | Path Traversal vulnerability in Redhat products The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. | 4.6 |
| 2019-08-02 | CVE-2019-10166 | Unspecified vulnerability in Redhat products It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. | 4.6 |
| 2019-04-18 | CVE-2016-10746 | 7PK - Security Features vulnerability in multiple products libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | 5.0 |
| 2019-04-04 | CVE-2019-3886 | Missing Authorization vulnerability in multiple products An incorrect permissions check was discovered in libvirt 4.8.0 and above. | 5.4 |