rpm package
opensuse/libvirt&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweed
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10166 | — | < 7.7.0-2.1 | 7.7.0-2.1 | Aug 2, 2019 | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileg | ||
| CVE-2019-10161 | — | < 7.7.0-2.1 | 7.7.0-2.1 | Jul 30, 2019 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt | ||
| CVE-2018-12127 | Med | 5.6 | < 7.7.0-2.1 | 7.7.0-2.1 | May 30, 2019 | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: | |
| CVE-2018-12126 | Med | 5.6 | < 7.7.0-2.1 | 7.7.0-2.1 | May 30, 2019 | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found | |
| CVE-2019-10132 | — | < 7.7.0-2.1 | 7.7.0-2.1 | May 22, 2019 | A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative ta | ||
| CVE-2019-3886 | — | < 7.7.0-2.1 | 7.7.0-2.1 | Apr 4, 2019 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | ||
| CVE-2017-2635 | Hig | 7.7 | < 7.7.0-2.1 | 7.7.0-2.1 | Aug 22, 2018 | A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service. | |
| CVE-2018-3639 | Med | 5.5 | < 7.7.0-2.1 | 7.7.0-2.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | |
| CVE-2018-1064 | Hig | 7.5 | < 7.7.0-2.1 | 7.7.0-2.1 | Mar 28, 2018 | libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |
| CVE-2018-5748 | Hig | 7.5 | < 7.7.0-2.1 | 7.7.0-2.1 | Jan 25, 2018 | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | |
| CVE-2017-1000256 | Hig | 8.1 | < 7.7.0-2.1 | 7.7.0-2.1 | Oct 31, 2017 | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |
| CVE-2015-5247 | Med | 6.5 | < 2.5.0-1.1 | 2.5.0-1.1 | Apr 14, 2016 | The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | |
| CVE-2011-4600 | Med | 5.9 | < 2.5.0-1.1 | 2.5.0-1.1 | Apr 14, 2016 | The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP qu | |
| CVE-2015-5313 | Low | 2.5 | < 2.5.0-1.1 | 2.5.0-1.1 | Apr 11, 2016 | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t | |
| CVE-2015-0236 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Jan 29, 2015 | libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | ||
| CVE-2014-8131 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Jan 6, 2015 | The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a | ||
| CVE-2013-4399 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Dec 12, 2014 | The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler | ||
| CVE-2014-7823 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Nov 13, 2014 | The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||
| CVE-2014-3657 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Oct 6, 2014 | The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API c | ||
| CVE-2014-3633 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Oct 6, 2014 | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, whi |
- CVE-2019-10166Aug 2, 2019affected < 7.7.0-2.1fixed 7.7.0-2.1
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileg
- CVE-2019-10161Jul 30, 2019affected < 7.7.0-2.1fixed 7.7.0-2.1
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt
- affected < 7.7.0-2.1fixed 7.7.0-2.1
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:
- affected < 7.7.0-2.1fixed 7.7.0-2.1
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found
- CVE-2019-10132May 22, 2019affected < 7.7.0-2.1fixed 7.7.0-2.1
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative ta
- CVE-2019-3886Apr 4, 2019affected < 7.7.0-2.1fixed 7.7.0-2.1
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
- affected < 7.7.0-2.1fixed 7.7.0-2.1
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
- affected < 7.7.0-2.1fixed 7.7.0-2.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- affected < 7.7.0-2.1fixed 7.7.0-2.1
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
- affected < 7.7.0-2.1fixed 7.7.0-2.1
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
- affected < 7.7.0-2.1fixed 7.7.0-2.1
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
- affected < 2.5.0-1.1fixed 2.5.0-1.1
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
- affected < 2.5.0-1.1fixed 2.5.0-1.1
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP qu
- affected < 2.5.0-1.1fixed 2.5.0-1.1
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t
- CVE-2015-0236Jan 29, 2015affected < 2.5.0-1.1fixed 2.5.0-1.1
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
- CVE-2014-8131Jan 6, 2015affected < 2.5.0-1.1fixed 2.5.0-1.1
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a
- CVE-2013-4399Dec 12, 2014affected < 2.5.0-1.1fixed 2.5.0-1.1
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler
- CVE-2014-7823Nov 13, 2014affected < 2.5.0-1.1fixed 2.5.0-1.1
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
- CVE-2014-3657Oct 6, 2014affected < 2.5.0-1.1fixed 2.5.0-1.1
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API c
- CVE-2014-3633Oct 6, 2014affected < 2.5.0-1.1fixed 2.5.0-1.1
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, whi
Page 2 of 4