rpm package
suse/libvirt&distro=SUSE Enterprise Storage 5
pkg:rpm/suse/libvirt&distro=SUSE%20Enterprise%20Storage%205
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15708 | — | < 3.3.0-5.46.1 | 3.3.0-5.46.1 | Nov 6, 2020 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | ||
| CVE-2020-25637 | — | < 3.3.0-5.46.1 | 3.3.0-5.46.1 | Oct 6, 2020 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w | ||
| CVE-2019-10167 | — | < 3.3.0-5.40.1 | 3.3.0-5.40.1 | Aug 2, 2019 | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. | ||
| CVE-2019-10161 | — | < 3.3.0-5.40.1 | 3.3.0-5.40.1 | Jul 30, 2019 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt |
- CVE-2020-15708Nov 6, 2020affected < 3.3.0-5.46.1fixed 3.3.0-5.46.1
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
- CVE-2020-25637Oct 6, 2020affected < 3.3.0-5.46.1fixed 3.3.0-5.46.1
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w
- CVE-2019-10167Aug 2, 2019affected < 3.3.0-5.40.1fixed 3.3.0-5.40.1
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities.
- CVE-2019-10161Jul 30, 2019affected < 3.3.0-5.40.1fixed 3.3.0-5.40.1
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt