Skip to main content

Libvirt

60 CVEs product

Monthly

CVE-2024-2496 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libvirt Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3750 MEDIUM This Month

A flaw was found in libvirt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libvirt Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2700 MEDIUM PATCH This Month

A vulnerability was found in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Libvirt Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0897 MEDIUM This Month

A flaw was found in the libvirt nwfilter driver. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-3559 MEDIUM PATCH This Month

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libvirt Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-14339 HIGH PATCH This Week

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Libvirt Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-25637 MEDIUM PATCH This Month

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Libvirt Leap
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-10703 MEDIUM POC PATCH This Month

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libvirt
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-12430 MEDIUM PATCH This Month

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Libvirt Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-10168 HIGH This Week

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10167 HIGH This Week

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10166 HIGH This Week

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10161 HIGH PATCH This Week

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Libvirt Enterprise Linux Virtualization +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10132 HIGH PATCH This Week

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Libvirt Fedora
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-3886 MEDIUM POC This Month

An incorrect permissions check was discovered in libvirt 4.8.0 and above. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Libvirt Leap Fedora
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-3840 MEDIUM POC This Month

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libvirt Leap
NVD
CVSS 3.0
6.3
EPSS
1.5%
CVE-2018-1064 HIGH PATCH This Week

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Debian Linux Libvirt
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-6764 HIGH PATCH This Week

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Libvirt Debian Linux Virtualization Enterprise Linux Desktop +3
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-5748 HIGH PATCH This Week

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libvirt Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2017-1000256 HIGH This Week

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libvirt Debian Linux
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2016-5008 CRITICAL Act Now

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Debian Linux
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2014-3672 MEDIUM This Month

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-5247 MEDIUM This Month

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Libvirt Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2015-5313 LOW PATCH Monitor

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows. Rated low severity (CVSS 2.5). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Libvirt
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2015-0236 LOW PATCH Monitor

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mageia Libvirt Ubuntu Linux Enterprise Linux Desktop +3
NVD
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-8131 MEDIUM This Month

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-8136 LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia Libvirt Ubuntu Linux +5
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8135 LOW POC Monitor

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4399 MEDIUM PATCH This Month

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-7823 MEDIUM PATCH This Month

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Libvirt
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3657 MEDIUM This Month

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-3633 MEDIUM This Month

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Libvirt
NVD
CVSS 2.0
5.8
EPSS
2.9%
CVE-2014-5177 LOW PATCH Monitor

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity. Rated low severity (CVSS 1.2).

XXE Enterprise Virtualization Opensuse Enterprise Linux Libvirt
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2014-0179 LOW PATCH Monitor

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction. Rated low severity (CVSS 1.9).

Denial Of Service XXE Libvirt Enterprise Virtualization Opensuse +1
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-7336 LOW PATCH Monitor

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a. Rated low severity (CVSS 1.9).

Denial Of Service Libvirt Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-6456 MEDIUM This Month

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Libvirt Fedora
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1447 LOW Monitor

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Denial Of Service Race Condition Libvirt
NVD
CVSS 2.0
3.3
EPSS
11.7%
CVE-2014-0028 MEDIUM This Month

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-6458 MEDIUM This Month

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify. Rated medium severity (CVSS 6.8). No vendor patch available.

Denial Of Service Race Condition Libvirt
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-6457 MEDIUM This Month

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service RCE Libvirt
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-6436 LOW Monitor

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Libvirt
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4400 HIGH PATCH This Week

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Libvirt
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-4401 HIGH PATCH This Week

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Privilege Escalation Libvirt
NVD
CVSS 2.0
8.5
EPSS
1.5%
CVE-2013-4311 MEDIUM PATCH This Month

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Libvirt Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-5651 MEDIUM POC PATCH This Month

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-4297 MEDIUM POC This Month

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-4296 MEDIUM PATCH This Month

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libvirt Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.0
EPSS
3.3%
CVE-2013-4292 LOW Monitor

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4291 MEDIUM PATCH This Month

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to. Rated medium severity (CVSS 6.9).

Privilege Escalation Libvirt
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-4239 MEDIUM POC This Month

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-4154 MEDIUM POC PATCH This Month

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4153 MEDIUM POC PATCH This Month

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2230 MEDIUM PATCH This Month

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-2218 MEDIUM POC PATCH THREAT This Month

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Denial Of Service Libvirt
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
10.8%
CVE-2013-1962 MEDIUM This Month

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
3.8%
CVE-2013-1766 LOW Monitor

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2013-0170 MEDIUM PATCH This Month

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.2%.

RCE Denial Of Service Memory Corruption Use After Free Libvirt +10
NVD
CVSS 2.0
6.8
EPSS
20.2%
CVE-2012-4423 MEDIUM This Month

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2012-3445 LOW Monitor

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
3.5
EPSS
1.3%
CVE-2012-2693 LOW PATCH Monitor

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be. Rated low severity (CVSS 3.7).

Privilege Escalation Libvirt
NVD
CVSS 2.0
3.7
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libvirt +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A flaw was found in libvirt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libvirt Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Libvirt Fedora +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A flaw was found in the libvirt nwfilter driver. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt Ontap Select Deploy Administration Utility
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libvirt Ontap Select Deploy Administration Utility
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Libvirt Enterprise Linux
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Libvirt Leap
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libvirt
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Libvirt Enterprise Linux
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Enterprise Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Libvirt +4
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Libvirt Fedora
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An incorrect permissions check was discovered in libvirt 4.8.0 and above. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Libvirt +2
NVD
EPSS 2% CVSS 6.3
MEDIUM POC This Month

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libvirt +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Debian Linux Libvirt
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Libvirt Debian Linux +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libvirt Debian Linux +6
NVD
EPSS 1% CVSS 8.1
HIGH This Week

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libvirt Debian Linux
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt Xen
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Libvirt +1
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows. Rated low severity (CVSS 2.5). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Libvirt
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mageia Libvirt +5
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Libvirt
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia +7
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libvirt
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Libvirt
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Libvirt
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
EPSS 3% CVSS 5.8
MEDIUM This Month

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux +1
NVD
EPSS 0% CVSS 1.2
LOW PATCH Monitor

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity. Rated low severity (CVSS 1.2).

XXE Enterprise Virtualization Opensuse +2
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction. Rated low severity (CVSS 1.9).

Denial Of Service XXE Libvirt +3
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a. Rated low severity (CVSS 1.9).

Denial Of Service Libvirt Opensuse
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Libvirt Fedora
NVD VulDB
EPSS 12% CVSS 3.3
LOW Monitor

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Denial Of Service Race Condition Libvirt
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Libvirt
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify. Rated medium severity (CVSS 6.8). No vendor patch available.

Denial Of Service Race Condition Libvirt
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service RCE +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Libvirt
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Libvirt
NVD
EPSS 1% CVSS 8.5
HIGH PATCH This Week

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Privilege Escalation Libvirt
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Libvirt Ubuntu Linux +1
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Libvirt
NVD
EPSS 1% CVSS 4.0
MEDIUM POC This Month

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libvirt +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to. Rated medium severity (CVSS 6.9).

Privilege Escalation Libvirt
NVD
EPSS 1% CVSS 4.0
MEDIUM POC This Month

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libvirt
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Libvirt
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libvirt
NVD
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Denial Of Service Libvirt
NVD Exploit-DB
EPSS 4% CVSS 5.0
MEDIUM This Month

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
EPSS 0% CVSS 3.6
LOW Monitor

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt
NVD
EPSS 20% CVSS 6.8
MEDIUM PATCH This Month

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.2%.

RCE Denial Of Service Memory Corruption +12
NVD
EPSS 3% CVSS 5.0
MEDIUM This Month

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
EPSS 1% CVSS 3.5
LOW Monitor

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be. Rated low severity (CVSS 3.7).

Privilege Escalation Libvirt
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy