Summary
| Detail | |||
|---|---|---|---|
| Vendor | Libvirt | First view | 2014-10-06 |
| Product | Libvirt | Last view | 2018-08-20 |
| Version | 1.2.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:libvirt:libvirt | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2018-08-20 | CVE-2015-5160 | libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. |
| 5 | 2014-10-06 | CVE-2014-3657 | The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. |
| 5.8 | 2014-10-06 | CVE-2014-3633 | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-399 | Resource Management Errors |
| 33% (1) | CWE-200 | Information Exposure |
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-12-15 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20161103_libvirt_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2016-11-28 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-2577.nasl - Type: ACT_GATHER_INFO |
| 2016-11-11 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-2577.nasl - Type: ACT_GATHER_INFO |
| 2016-11-04 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2577.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-115.nasl - Type: ACT_GATHER_INFO |
| 2014-11-20 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2014-1873.nasl - Type: ACT_GATHER_INFO |
| 2014-11-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-1873.nasl - Type: ACT_GATHER_INFO |
| 2014-11-12 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2404-1.nasl - Type: ACT_GATHER_INFO |
| 2014-10-15 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-585.nasl - Type: ACT_GATHER_INFO |
| 2014-10-15 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-586.nasl - Type: ACT_GATHER_INFO |
| 2014-10-06 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2014-1352.nasl - Type: ACT_GATHER_INFO |
| 2014-10-06 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2014-195.nasl - Type: ACT_GATHER_INFO |
| 2014-10-02 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-1352.nasl - Type: ACT_GATHER_INFO |
| 2014-10-01 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2366-1.nasl - Type: ACT_GATHER_INFO |
| 2014-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3038.nasl - Type: ACT_GATHER_INFO |
