CVSS: 9.8EPSS: 13%CPEs: 71EXPL: 0CVE-2012-4423 – libvirt: null function pointer invocation in virNetServerProgramDispatchCall()
https://notcve.org/view.php?id=CVE-2012-4423
19 Nov 2012 — The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table. La función virNetServerProgramDispatchCall en libvirt antes de v0.10.2 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL y fallo de segmentación) a través de una llamada R... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2012-3445 – libvirt: crash in virTypedParameterArrayClear
https://notcve.org/view.php?id=CVE-2012-3445
07 Aug 2012 — The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. La función de virTypedParameterArrayClear en libvirt v0.9.13 no maneja adecuadamente virDomain* llamadas a la API con los parámetros tipo, permitiendo a usuarios remotos autentic... • http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 67EXPL: 0CVE-2012-2693 – libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
https://notcve.org/view.php?id=CVE-2012-2693
17 Jun 2012 — libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. libvirt, posiblemente anterior a v0.9.12, no se asignan adecuadamente los dispositivos USB a las máquinas virtuales cuando varios dispositivos tienen el mismo proveedor y la misma identificación de producto, lo que podría provocar que e... • http://rhn.redhat.com/errata/RHSA-2012-0748.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 58EXPL: 0CVE-2011-2511 – libvirt: integer overflow in VirDomainGetVcpus
https://notcve.org/view.php?id=CVE-2011-2511
10 Aug 2011 — Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. Desbordamiento de entero en libvirt anterior a v0.9.3 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída libvirtd) y posiblemente ejecutar código arbitrario a través de una llamada manipulada VirDomainGetVcpus RPC que provoca corrupción de memor... • http://libvirt.org/news.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2178
https://notcve.org/view.php?id=CVE-2011-2178
10 Aug 2011 — The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. La función virSecurityManagerGetPrivateData de security/security_manager.c en libvirt 0.8.8 hasta la 0.9.1 utiliza un argu... • http://libvirt.org/news.html •
CVSS: 9.8EPSS: 2%CPEs: 55EXPL: 0CVE-2011-1486 – libvirt: error reporting in libvirtd is not thread safe
https://notcve.org/view.php?id=CVE-2011-1486
31 May 2011 — libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. libvirtd de libvirt en versiones anteriores a la 0.9.0 no utiliza el reporte de errores "thread-safe", lo que permite a atacantes remotos provocar una denegación de servicio (caída) provocando que múltiples hilos reporten errores al mismo tiempo. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 0CVE-2011-1146 – libvirt: several API calls do not honour read-only connection
https://notcve.org/view.php?id=CVE-2011-1146
15 Mar 2011 — libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. libvirt.c en la API de Red Hat libvirt v0.8.8 no restringe co... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2010-2239 – libvirt: not setting user defined backing store format when creating new image
https://notcve.org/view.php?id=CVE-2010-2239
19 Aug 2010 — Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. Red Hat libvirt, posiblemente v0.6.0 hasta v0.8.2, crea nuevas imagenes sin configurar el formato definido por el usuario backing-store, lo que permite a usuarios invitados al SO leer ficheros de su elección en el SO anfitrión a través de vectores sin especificar. • http://libvirt.org/news.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2238
https://notcve.org/view.php?id=CVE-2010-2238
19 Aug 2010 — Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. Red Hat libvirt, posiblemente v0.7.2 hasta v0.8.2, se repite en almacenes de respaldo de imagen de disco sin extraer el formato de disco de respaldo definido, lo cual puede permitir a usuarios invitados del Sistema Operativo leer... • http://libvirt.org/news.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2010-2237
https://notcve.org/view.php?id=CVE-2010-2237
19 Aug 2010 — Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. Red Hat libvirt, posiblemente v0.6.1 hasta v0.8.2, busca almacenes de respaldo de discos sin hacer referencia al formato del disco definido por el usuario principal, lo que podría permitir a usuarios invitados al SO leer ficheros de su elecci... • http://libvirt.org/news.html • CWE-264: Permissions, Privileges, and Access Controls •