
CVSS: 5.4 | EPSS: 0% | CPEs: 4 | EXPL: 1

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
• http://www.securityfocus.com/bid/107777
• https://access.redhat.com/errata/RHBA-2019:3723
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH
• https://usn.ubuntu.com/4021-1
• CWE-862: Missing Authorization

CVSS: 6.3 | EPSS: 0% | CPEs: 3 | EXPL: 3

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent.

• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
• https://access.redhat.com/errata/RHSA-2019:2294
• https://bugzilla.redhat.com/show_bug.cgi?id=1663051
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7
• https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
• https&
• CWE-476: NULL Pointer Dereference

CVSS: 7.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service.

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635
• https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875
• CWE-476: NULL Pointer Dereference

CVSS: 7.5 | EPSS: 1% | CPEs: 4 | EXPL: 0

libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but is now also triggered via QEMU guest agent. An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.

• https://access.redhat.com/errata/RHSA-2018:1396
• https://access.redhat.com/errata/RHSA-2018:1929
• https://bugzilla.redhat.com/show_bug.cgi?id=1550672
• https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
• https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html
• https://usn.ubuntu.com/3680-1
• https://www.debian.org/security/2018/dsa-4137
• https://access.redhat.com/security/cve/CVE-2018-1064
• CWE-400: Uncontrolled Resource Consumption

CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt, resulting in a failure to validate SSL/TLS certificates by default.

• http://www.debian.org/security/2017/dsa-4003
• https://access.redhat.com/security/cve/CVE-2017-1000256
• https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html
• https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
• CWE-295: Improper Certificate Validation