CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-14301 – libvirt: leak of sensitive cookie information via dumpxml
https://notcve.org/view.php?id=CVE-2020-14301
04 Nov 2020 — An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. Se encontró una vulnerabilidad de divulgación de información en libvirt en versiones anteriores a 6.3.0. Las cookies HTTP usadas para acceder a los discos basados ?? • https://bugzilla.redhat.com/show_bug.cgi?id=1848640 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25637 – libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c
https://notcve.org/view.php?id=CVE-2020-25637
06 Oct 2020 — A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to dat... • https://github.com/brahmiboudjema/CVE-2020-25637-libvirt-double-free • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14339 – libvirt: leak of /dev/mapper/control into QEMU guests
https://notcve.org/view.php?id=CVE-2020-14339
01 Sep 2020 — A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró... • https://bugzilla.redhat.com/show_bug.cgi?id=1860069 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10703 – libvirt: Potential denial of service via active pool without target path
https://notcve.org/view.php?id=CVE-2020-10703
21 May 2020 — A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. Se detectó una desreferencia del puntero NULL en la A... • https://bugzilla.redhat.com/show_bug.cgi?id=1790725 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12430 – Ubuntu Security Notice USN-4371-1
https://notcve.org/view.php?id=CVE-2020-12430
28 Apr 2020 — An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. Se descubrió un problema en la función qemuDomainGetStatsIOThread en el archivo qemu/qemu_dr... • https://bugzilla.redhat.com/show_bug.cgi?id=1804548 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-20485 – libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent
https://notcve.org/view.php?id=CVE-2019-20485
19 Mar 2020 — qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). El archivo qemu/qemu_driver.c en libvirt versiones anteriores a 6.0.0, maneja inapropiadamente la conservación de un trabajo de monitoreo durante una consulta a un agente invitado, lo que permite a atacantes causar una denegación de servicio (bloqueo de la API). A flaw was found in the way the libvirtd daemon issued the 'suspe... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10161 – libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
https://notcve.org/view.php?id=CVE-2019-10161
20 Jun 2019 — It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Se detectó que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitiría a clientes de solo l... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10166 – libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
https://notcve.org/view.php?id=CVE-2019-10166
20 Jun 2019 — It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. Se detectó que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, p... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10167 – libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
https://notcve.org/view.php?id=CVE-2019-10167
20 Jun 2019 — The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. La API libvirt de la función virConnectGetDomainCapabilities(), versiones 4.x.x anteriore... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10168 – libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
https://notcve.org/view.php?id=CVE-2019-10168
20 Jun 2019 — The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Las APIs libvirt de las funciones virConnectBaselineHypervisorCP... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control •