CVSS: 3.7EPSS: 0%CPEs: 67EXPL: 0CVE-2012-2693 – libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
https://notcve.org/view.php?id=CVE-2012-2693
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. libvirt, posiblemente anterior a v0.9.12, no se asignan adecuadamente los dispositivos USB a las máquinas virtuales cuando varios dispositivos tienen el mismo proveedor y la misma identificación de producto, lo que podría provocar que el dispositivo equivocado sea asociado con un invitado lo que podría podría permitir a usuarios locales acceder a los dispositivos USB no deseados. • http://rhn.redhat.com/errata/RHSA-2012-0748.html http://rhn.redhat.com/errata/RHSA-2013-0127.html http://www.openwall.com/lists/oss-security/2012/06/11/2 http://www.openwall.com/lists/oss-security/2012/06/11/3 https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html https://access.redhat.com/security/cve/CVE-2012-2693 https://bugzilla.redhat.com/show_bug.cgi?id=831164 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 2%CPEs: 58EXPL: 0CVE-2011-2511 – libvirt: integer overflow in VirDomainGetVcpus
https://notcve.org/view.php?id=CVE-2011-2511
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. Desbordamiento de entero en libvirt anterior a v0.9.3 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída libvirtd) y posiblemente ejecutar código arbitrario a través de una llamada manipulada VirDomainGetVcpus RPC que provoca corrupción de memoria. • http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html http://secunia.com/advisories/45375 http://secunia.com/advisories/45441 http://secunia.com/advisories/45446 http://www.debian.org/security/2011/dsa-2280 http://www.openwall.com/lists/oss-security/2011/06/28/9 http://www.redhat.com/support/errata/RHSA-2011-1019.html http://www.redhat.com& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2178
https://notcve.org/view.php?id=CVE-2011-2178
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. La función virSecurityManagerGetPrivateData de security/security_manager.c en libvirt 0.8.8 hasta la 0.9.1 utiliza un argumento erróneo para una llamada "sizeof", lo que provoca un procesado incorrecto de "datos privados de gestión de la seguridad" que reabre un análisis de disco y pueden permitir a usuarios invitados del SO leer archivos arbitarrios en del OS anfitrión. NOTA: esta vulnerabilidad existe debido a una regresión de la CVE-2010-2238. • http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html http://www.ubuntu.com/usn/USN-1152-1 https://bugzilla.redhat.com/show_bug.cgi?id=709769 https://bugzilla.redhat.com/show_bug.cgi?id=709775 https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html •
CVSS: 3.3EPSS: 2%CPEs: 55EXPL: 0CVE-2011-1486 – libvirt: error reporting in libvirtd is not thread safe
https://notcve.org/view.php?id=CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. libvirtd de libvirt en versiones anteriores a la 0.9.0 no utiliza el reporte de errores "thread-safe", lo que permite a atacantes remotos provocar una denegación de servicio (caída) provocando que múltiples hilos reporten errores al mismo tiempo. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 http://secunia.com/advisories/44459 http://securitytracker.com/id?1025477 http://support.avaya.com/css/P8/documents/100134583 http://www.debian.org/security/2011/dsa-2280 http://www.redhat.com/support/errata/RHSA-2011-0478.html http://www.redhat.com/support/errata/RHSA-2011-0479.html http://www.securityfocus.com/bid/47148 http://www.ubuntu.com/usn/USN-1152-1 https://bugzilla.redhat. • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 7%CPEs: 1EXPL: 0CVE-2011-1146 – libvirt: several API calls do not honour read-only connection
https://notcve.org/view.php?id=CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. libvirt.c en la API de Red Hat libvirt v0.8.8 no restringe correctamente las operaciones en una conexión de solo lectura, lo que podría permitir a atacantes remotos provocar una denegación de servicio (caida del sistema operativo) o posiblemente ejecutar código de su elección a través de una llamada (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, o (6) virConnectDomainXMLToNative, una vulnerabilidad diferente de CVE-2008-5086. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html http://openwall.com/lists/oss-security/2011/03/09/3 http://openwall.com/lists/oss-security/2011/03/10/5 http://secunia.com/advisories/43670 http://secunia.com/advisories/43780 http://secunia& • CWE-264: Permissions, Privileges, and Access Controls •