rpm package
opensuse/libvirt&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15708 | — | < 5.1.0-lp151.7.10.1 | 5.1.0-lp151.7.10.1 | Nov 6, 2020 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | ||
| CVE-2020-25637 | — | < 5.1.0-lp151.7.10.1 | 5.1.0-lp151.7.10.1 | Oct 6, 2020 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w | ||
| CVE-2019-10168 | — | < 5.1.0-lp151.7.3.1 | 5.1.0-lp151.7.3.1 | Aug 2, 2019 | The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe th | ||
| CVE-2019-10167 | — | < 5.1.0-lp151.7.3.1 | 5.1.0-lp151.7.3.1 | Aug 2, 2019 | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. | ||
| CVE-2019-10166 | — | < 5.1.0-lp151.7.3.1 | 5.1.0-lp151.7.3.1 | Aug 2, 2019 | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileg | ||
| CVE-2019-10161 | — | < 5.1.0-lp151.7.3.1 | 5.1.0-lp151.7.3.1 | Jul 30, 2019 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt |
- CVE-2020-15708Nov 6, 2020affected < 5.1.0-lp151.7.10.1fixed 5.1.0-lp151.7.10.1
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
- CVE-2020-25637Oct 6, 2020affected < 5.1.0-lp151.7.10.1fixed 5.1.0-lp151.7.10.1
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w
- CVE-2019-10168Aug 2, 2019affected < 5.1.0-lp151.7.3.1fixed 5.1.0-lp151.7.3.1
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe th
- CVE-2019-10167Aug 2, 2019affected < 5.1.0-lp151.7.3.1fixed 5.1.0-lp151.7.3.1
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities.
- CVE-2019-10166Aug 2, 2019affected < 5.1.0-lp151.7.3.1fixed 5.1.0-lp151.7.3.1
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileg
- CVE-2019-10161Jul 30, 2019affected < 5.1.0-lp151.7.3.1fixed 5.1.0-lp151.7.3.1
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt