CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10161 – libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
https://notcve.org/view.php?id=CVE-2019-10161
20 Jun 2019 — It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Se detectó que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitiría a clientes de solo l... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-10166 – libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
https://notcve.org/view.php?id=CVE-2019-10166
20 Jun 2019 — It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. Se detectó que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, p... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 3CVE-2019-3840 – libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function
https://notcve.org/view.php?id=CVE-2019-3840
14 Mar 2019 — A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. Se ha descubierto un error de desreferencia de puntero NULL en libvirt, en versiones anteriores a la 5.0.0, en la forma en la que obtiene información de la interfaz mediante el agente QEMU. Un atacante en una máquina virtual invitada puede emplear este error para provocar el... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html • CWE-476: NULL Pointer Dereference •