Shodan
Vulnerabilities
Vulnerable Software
Redhat:  >> Libvirt  >> 1.2.9.1  Security Vulnerabilities
CVE-2019-3840
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
CVSS Score
5.8
EPSS Score
0.008
Published
2019-03-27
CVE-2018-1064
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-03-28
CVE-2016-5008
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
CVSS Score
9.8
EPSS Score
0.028
Published
2016-07-13
CVE-2014-3672
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVSS Score
6.5
EPSS Score
0.0
Published
2016-05-25
CVE-2015-0236
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
CVSS Score
3.5
EPSS Score
0.004
Published
2015-01-29
CVE-2014-8131
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
CVSS Score
4.0
EPSS Score
0.003
Published
2015-01-06
CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved