rpm package
suse/libvirt&distro=SUSE Linux Enterprise High Performance Computing 15-ESPOS
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3975 | — | | | < 4.0.0-9.40.1 | 4.0.0-9.40.1 | Aug 23, 2022 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues |
| CVE-2021-4147 | — | | | < 4.0.0-9.40.1 | 4.0.0-9.40.1 | Mar 25, 2022 | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. |
| CVE-2021-22207 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Apr 23, 2021 | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file |
| CVE-2021-22191 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Mar 15, 2021 | Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file. |
| CVE-2021-22173 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Feb 17, 2021 | Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
| CVE-2021-22174 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Feb 17, 2021 | Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
| CVE-2020-26422 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Dec 21, 2020 | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file |
| CVE-2020-26418 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Dec 11, 2020 | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
| CVE-2020-26421 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Dec 11, 2020 | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
| CVE-2020-26420 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Dec 11, 2020 | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
| CVE-2020-26419 | — | | | < 4.0.0-9.37.21 | 4.0.0-9.37.21 | Dec 11, 2020 | Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. |
| CVE-2020-15708 | — | | | < 4.0.0-9.35.1 | 4.0.0-9.35.1 | Nov 6, 2020 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. |
| CVE-2020-25637 | — | | | < 4.0.0-9.35.1 | 4.0.0-9.35.1 | Oct 6, 2020 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w |
| CVE-2020-10703 | — | | | < 4.0.0-9.32.1 | 4.0.0-9.32.1 | Jun 2, 2020 | A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as netwo |