Redhat: >> Libvirt >> 2.5.0 Security Vulnerabilities
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
CVSS Score
7.7
EPSS Score
0.003
Published
2018-08-22
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-03-28
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
CVSS Score
8.1
EPSS Score
0.008
Published
2017-10-31
Page 2