rpm package
opensuse/libvirt&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweed
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-2511 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Aug 10, 2011 | Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. | ||
| CVE-2011-1146 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Mar 15, 2011 | libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) | ||
| CVE-2010-2242 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Aug 19, 2010 | Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directo | ||
| CVE-2008-5086 | — | < 7.7.0-2.1 | 7.7.0-2.1 | Dec 19, 2008 | Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. |
- CVE-2011-2511Aug 10, 2011affected < 2.5.0-1.1fixed 2.5.0-1.1
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
- CVE-2011-1146Mar 15, 2011affected < 2.5.0-1.1fixed 2.5.0-1.1
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3)
- CVE-2010-2242Aug 19, 2010affected < 2.5.0-1.1fixed 2.5.0-1.1
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directo
- CVE-2008-5086Dec 19, 2008affected < 7.7.0-2.1fixed 7.7.0-2.1
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
Page 4 of 4