| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2014-1447 |
362 |
|
DoS |
2014-01-24 |
2015-01-03 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. |
|
2 |
CVE-2014-0179 |
20 |
|
DoS |
2014-08-03 |
2019-04-22 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. |
|
3 |
CVE-2013-6458 |
362 |
|
DoS |
2014-01-24 |
2015-01-03 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
|
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. |
|
4 |
CVE-2013-6457 |
264 |
|
DoS Exec Code |
2014-01-24 |
2015-01-03 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
|
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. |
|
5 |
CVE-2013-5651 |
119 |
|
DoS Overflow |
2013-09-30 |
2015-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. |
|
6 |
CVE-2013-4399 |
|
|
DoS |
2014-12-12 |
2014-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. |
|
7 |
CVE-2013-4297 |
119 |
|
DoS Overflow |
2013-09-30 |
2015-01-02 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. |
|
8 |
CVE-2013-4296 |
119 |
|
DoS Overflow |
2013-09-30 |
2019-04-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. |
|
9 |
CVE-2013-2230 |
20 |
|
DoS |
2013-09-30 |
2013-10-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." |
|
10 |
CVE-2013-1766 |
264 |
|
|
2013-03-20 |
2013-03-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. |
|
11 |
CVE-2012-4423 |
|
|
DoS |
2012-11-19 |
2013-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table. |
|
12 |
CVE-2012-2693 |
264 |
|
|
2012-06-17 |
2013-01-15 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. |
|
13 |
CVE-2011-4600 |
284 |
|
Bypass |
2016-04-14 |
2016-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. |
