CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10167 – libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
https://notcve.org/view.php?id=CVE-2019-10167
20 Jun 2019 — The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. La API libvirt de la función virConnectGetDomainCapabilities(), versiones 4.x.x anteriore... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10168 – libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
https://notcve.org/view.php?id=CVE-2019-10168
20 Jun 2019 — The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Las APIs libvirt de las funciones virConnectBaselineHypervisorCP... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-250: Execution with Unnecessary Privileges CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3886 – Ubuntu Security Notice USN-4021-1
https://notcve.org/view.php?id=CVE-2019-3886
04 Apr 2019 — An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. Se ha descubierto una comprobación de permisos incorrecta en versiones de libvirt 4.8.0 y superiores. Se ha permitido que el permiso de solo lectura invoque API dependiendo del agente invitado, lo que podría conducir a una potencial divulgac... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html • CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 3CVE-2019-3840 – libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function
https://notcve.org/view.php?id=CVE-2019-3840
14 Mar 2019 — A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. Se ha descubierto un error de desreferencia de puntero NULL en libvirt, en versiones anteriores a la 5.0.0, en la forma en la que obtiene información de la interfaz mediante el agente QEMU. Un atacante en una máquina virtual invitada puede emplear este error para provocar el... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html • CWE-476: NULL Pointer Dereference •