Max CVSS 7.2 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2013-1962 5.0
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particula
13-02-2023 - 04:42 29-05-2013 - 00:55
CVE-2013-0170 6.8
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (c
13-02-2023 - 04:38 08-02-2013 - 20:55
CVE-2011-2511 4.0
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
13-02-2023 - 04:31 10-08-2011 - 20:55
CVE-2011-1486 3.3
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
13-02-2023 - 01:19 31-05-2011 - 20:55
CVE-2011-1146 6.9
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettac
13-02-2023 - 01:19 15-03-2011 - 17:55
CVE-2014-3657 5.0
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the
13-02-2023 - 00:41 06-10-2014 - 14:55
CVE-2014-0179 1.9
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompa
13-02-2023 - 00:35 03-08-2014 - 18:55
CVE-2012-4423 5.0
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whos
13-02-2023 - 00:26 19-11-2012 - 12:10
CVE-2012-3411 5.0
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
13-02-2023 - 00:25 05-03-2013 - 21:38
CVE-2018-3639 2.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
13-08-2021 - 15:26 22-05-2018 - 12:29
CVE-2019-10161 7.2
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac
25-03-2021 - 14:09 30-07-2019 - 23:15
CVE-2018-5748 5.0
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
15-10-2020 - 13:28 25-01-2018 - 16:29
CVE-2019-10161 7.2
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac
30-09-2020 - 14:47 30-07-2019 - 23:15
CVE-2019-11091 4.7
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
24-08-2020 - 17:37 30-05-2019 - 16:29
CVE-2013-4311 4.6
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2)
22-04-2019 - 17:48 03-10-2013 - 21:55
CVE-2014-5177 1.2
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the
22-04-2019 - 17:48 03-08-2014 - 18:55
CVE-2013-7336 1.9
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and li
30-10-2018 - 16:27 07-05-2014 - 10:55
CVE-2014-7823 5.0
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
03-01-2017 - 02:59 13-11-2014 - 21:32
CVE-2014-1447 3.3
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
03-01-2015 - 01:44 24-01-2014 - 18:55
CVE-2012-3445 3.5
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams
22-03-2013 - 03:11 07-08-2012 - 21:55
CVE-2012-2693 3.7
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to acces
15-01-2013 - 04:30 17-06-2012 - 03:41
Back to Top Mark selected
Back to Top