CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4400 – Gentoo Linux Security Advisory 201412-04
https://notcve.org/view.php?id=CVE-2013-4400
09 Dec 2013 — virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. virt-login-shell en libvirt v1.1.2 hasta v1.1.3 permite a usuarios locales sobreescribir ficheros aleatorios y posiblemente obtener privilegios a través de variables de entorno no especificadas o argumentos de línea de comandos. Multiple vulnerabilities have been found in libvirt, worst of which allows context-dependent ... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-4401 – Ubuntu Security Notice USN-2026-1
https://notcve.org/view.php?id=CVE-2013-4401
02 Nov 2013 — The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. La función de la API virConnectDomainXMLToNative en libvirt versiones 1.1.0 hasta 1.1.3, comprueba el permiso connect:read en lugar del permiso connect:write, que permite a los atacantes ... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 2CVE-2013-2218 – libvirt - 'virConnectListAllInterfaces' Method Denial of Service
https://notcve.org/view.php?id=CVE-2013-2218
30 Sep 2013 — Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command. Vulnerabilidad de doble liberación en el método virConnectListAllInterfaces en interface/interface_backend_netcf.c de libvirt 1.0.6 permite a atacantes remotos causar una denegación de servicio (... • https://www.exploit-db.com/exploits/38622 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 93EXPL: 0CVE-2013-2230
https://notcve.org/view.php?id=CVE-2013-2230
30 Sep 2013 — The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." El controlador qemu (qemu/qemu_driver.c) en libvirt anteriores a 1.1.1 permite a usuarios autenticados remotos causar una denegación de servicio (caída del demonio) a través de vectores no especificados que involucran "multiple events registration". • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f38c8185f97720ecae7ef2291fbaa5d6b0209e17 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2013-4153
https://notcve.org/view.php?id=CVE-2013-4153
30 Sep 2013 — Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. Vulnerabilidad de doble liberación en la función qemuAgentGetVCPUs de qemu/qemu_agent.c en libvirt 1.0.6 hasta la versión 1.1.0 permite a atacantes remotos causar una denegación de servicio (cuelgue del demonio) a través de una solicitud de recu... • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2013-4154
https://notcve.org/view.php?id=CVE-2013-4154
30 Sep 2013 — The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command. La función qemuAgentCommand en libvirt anteriores a 1.1.1, cuando no es configurado un agente invitado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y cuelgue) a través ... • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-4239
https://notcve.org/view.php?id=CVE-2013-4239
30 Sep 2013 — The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. La función xenDaemonListDefinedDomains en xen/xend_internal.c en libvirt 1.1.1 permite a usuarios autenticados remotamente causar denegación de servicio (corrupción de memoria y caída) a través de vectores que involucran la función virConnectListDefinedDomains API. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4291
https://notcve.org/view.php?id=CVE-2013-4291
30 Sep 2013 — The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges. La función virSecurityManagerSetProcessLabel en libvirt 0.10.2.7, 1.0.5.5, y 1.1.1, cuando el dominio ha leído una etiqueta uid:gid, no establece adecuadamente las pertenencias a grupos, lo que permite a usuarios locales ganar privilegios. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4292 – Gentoo Linux Security Advisory 201412-04
https://notcve.org/view.php?id=CVE-2013-4292
30 Sep 2013 — libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c. libvirt 1.1.0 y 1.1.1 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) através de la migracion de parámetros en un gran cantidad de dominios en ciertas llamadas RPC en (1) daemon/remote.c y (2) remote/remote_driver.c. Multiple vulnerabilities have been found i... • http://libvirt.org/news.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 95EXPL: 1CVE-2013-4297 – Gentoo Linux Security Advisory 201412-04
https://notcve.org/view.php?id=CVE-2013-4297
30 Sep 2013 — The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. La función virFileNBDDeviceAssociate en util/virfile.c en libvirt v1.1.2 y anteriores permite a usuarios autenticados remotamente provocar una denegación de servicio (referencia a puntero no inicializado y caída) a través de vectores no especificados. Multiple vulnerabilities have been found... • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •