Vulnerabilities in Libvirt
7 resultsCVE-2018-1064—libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMUEPSS 3.0%CVE-2020-10703MEDIUMA NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fEPSS 2.4%CVE-2019-10132HIGHA vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode coEPSS 1.4%CVE-2019-10168HIGHThe virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept EPSS 0.5%CVE-2019-10167HIGHThe virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument toEPSS 0.5%CVE-2019-10161HIGHIt was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() APEPSS 0.5%CVE-2019-10166HIGHIt was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManaEPSS 0.5%