CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10703 – libvirt: Potential denial of service via active pool without target path
https://notcve.org/view.php?id=CVE-2020-10703
21 May 2020 — A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. Se detectó una desreferencia del puntero NULL en la A... • https://bugzilla.redhat.com/show_bug.cgi?id=1790725 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12430 – Ubuntu Security Notice USN-4371-1
https://notcve.org/view.php?id=CVE-2020-12430
28 Apr 2020 — An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. Se descubrió un problema en la función qemuDomainGetStatsIOThread en el archivo qemu/qemu_dr... • https://bugzilla.redhat.com/show_bug.cgi?id=1804548 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-20485 – libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent
https://notcve.org/view.php?id=CVE-2019-20485
19 Mar 2020 — qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). El archivo qemu/qemu_driver.c en libvirt versiones anteriores a 6.0.0, maneja inapropiadamente la conservación de un trabajo de monitoreo durante una consulta a un agente invitado, lo que permite a atacantes causar una denegación de servicio (bloqueo de la API). A flaw was found in the way the libvirtd daemon issued the 'suspe... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10161 – libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
https://notcve.org/view.php?id=CVE-2019-10161
20 Jun 2019 — It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Se detectó que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitiría a clientes de solo l... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10166 – libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
https://notcve.org/view.php?id=CVE-2019-10166
20 Jun 2019 — It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. Se detectó que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, p... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10167 – libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
https://notcve.org/view.php?id=CVE-2019-10167
20 Jun 2019 — The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. La API libvirt de la función virConnectGetDomainCapabilities(), versiones 4.x.x anteriore... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10168 – libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
https://notcve.org/view.php?id=CVE-2019-10168
20 Jun 2019 — The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Las APIs libvirt de las funciones virConnectBaselineHypervisorCP... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2019-10132 – libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter
https://notcve.org/view.php?id=CVE-2019-10132
22 May 2019 — A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. Se encontró una vulnerabilidad en libvirt > = 4.1.0 en las unidades virtlockd-admin. Socket y virtlogd-admin. Socket systemd. • https://access.redhat.com/errata/RHSA-2019:1264 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10746
https://notcve.org/view.php?id=CVE-2016-10746
18 Apr 2019 — libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. libvirt-domain.c en libvirt versiones anteriores a la 1.3.1 soporta las llamadas a la API virDomainGetTime por agentes invitados con una conexión RO, aunque se suponía que se requería una conexión RW, es una vulnerabilidad diferente de CVE-2019-3886. • https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f • CWE-254: 7PK - Security Features •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3886 – Ubuntu Security Notice USN-4021-1
https://notcve.org/view.php?id=CVE-2019-3886
04 Apr 2019 — An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. Se ha descubierto una comprobación de permisos incorrecta en versiones de libvirt 4.8.0 y superiores. Se ha permitido que el permiso de solo lectura invoque API dependiendo del agente invitado, lo que podría conducir a una potencial divulgac... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html • CWE-862: Missing Authorization •