rpm package
suse/libvirt&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10161 | — | | | < 1.2.5-23.20.1 | 1.2.5-23.20.1 | Jul 30, 2019 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt |
| CVE-2016-10746 | — | | | < 1.2.5-23.24.1 | 1.2.5-23.24.1 | Apr 18, 2019 | libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. |
| CVE-2019-3886 | — | | | < 1.2.5-23.20.1 | 1.2.5-23.20.1 | Apr 4, 2019 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. |