CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-6436 – Ubuntu Security Notice USN-2093-1
https://notcve.org/view.php?id=CVE-2013-6436
07 Jan 2014 — The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. El método lxcDomainGetMemoryParameters en lxc/lxc_driver.c en libvirt 1.0.5 a 1.2.0 no comprueba correctamente el estado de invitados LXC cuando lee configura... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-4401 – Ubuntu Security Notice USN-2026-1
https://notcve.org/view.php?id=CVE-2013-4401
02 Nov 2013 — The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. La función de la API virConnectDomainXMLToNative en libvirt versiones 1.1.0 hasta 1.1.3, comprueba el permiso connect:read en lugar del permiso connect:write, que permite a los atacantes ... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-4239
https://notcve.org/view.php?id=CVE-2013-4239
30 Sep 2013 — The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. La función xenDaemonListDefinedDomains en xen/xend_internal.c en libvirt 1.1.1 permite a usuarios autenticados remotamente causar denegación de servicio (corrupción de memoria y caída) a través de vectores que involucran la función virConnectListDefinedDomains API. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4291
https://notcve.org/view.php?id=CVE-2013-4291
30 Sep 2013 — The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges. La función virSecurityManagerSetProcessLabel en libvirt 0.10.2.7, 1.0.5.5, y 1.1.1, cuando el dominio ha leído una etiqueta uid:gid, no establece adecuadamente las pertenencias a grupos, lo que permite a usuarios locales ganar privilegios. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4292 – Gentoo Linux Security Advisory 201412-04
https://notcve.org/view.php?id=CVE-2013-4292
30 Sep 2013 — libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c. libvirt 1.1.0 y 1.1.1 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) através de la migracion de parámetros en un gran cantidad de dominios en ciertas llamadas RPC en (1) daemon/remote.c y (2) remote/remote_driver.c. Multiple vulnerabilities have been found i... • http://libvirt.org/news.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 95EXPL: 1CVE-2013-4297 – Gentoo Linux Security Advisory 201412-04
https://notcve.org/view.php?id=CVE-2013-4297
30 Sep 2013 — The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. La función virFileNBDDeviceAssociate en util/virfile.c en libvirt v1.1.2 y anteriores permite a usuarios autenticados remotamente provocar una denegación de servicio (referencia a puntero no inicializado y caída) a través de vectores no especificados. Multiple vulnerabilities have been found... • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 106EXPL: 1CVE-2013-5651 – Gentoo Linux Security Advisory 201412-04
https://notcve.org/view.php?id=CVE-2013-5651
18 Sep 2013 — The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. La función virBitmapParse en util/virbitmap.c en libvirt anterior a v1.1.2 permite a atacantes dependientes del contexto provocar una denegación de servicio (lectura fuera de rango y caída) a través de un mapa de bits manipulado, como se demostró mediante un valor larg... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 3%CPEs: 35EXPL: 0CVE-2013-4296 – libvirt: invalid free in remoteDispatchDomainMemoryStats
https://notcve.org/view.php?id=CVE-2013-4296
18 Sep 2013 — The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. La funcion remoteDispatchDomainMemoryStats en daemon/remote.c de libvirt 0.9.1 hasta 0.10.1.x, 0.10.2.x anterior a 0.10.2.8, 1.0.x anterior a 1.0.5.6, y 1.1.x anterior 1.1.2 permite a usuarios remotos autentic... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •