Search CVE reports

41 – 50 of 95 results

Detailed view

Sort by:

CVE-2018-5748

Low priority

Fixed

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	Not affected	Not affected

CVE-2017-5715

High priority

Some fixes available 46 of 56

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

87 affected packages

linux, linux-goldfish, linux-grouper, linux-lts-quantal, linux-lts-raring...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	Not affected	Not affected	Not affected	Not affected
linux-goldfish	—	—	—	—	Not in release
linux-grouper	—	—	—	—	Not in release
linux-lts-quantal	—	—	—	—	Not in release
linux-lts-raring	—	—	—	—	Not in release
linux-lts-saucy	—	—	—	—	Not in release
linux-aws	—	Not affected	Not affected	Not affected	Not affected
linux-flo	—	—	—	—	Not in release
linux-gke	—	Not affected	Not affected	Ignored	Not in release
linux-hwe	—	Not in release	Not in release	Not in release	Not affected
linux-lts-utopic	—	—	—	—	Not in release
linux-lts-vivid	—	—	—	—	Not in release
linux-lts-wily	—	—	—	—	Not in release
linux-lts-xenial	—	Not in release	Not in release	Not in release	Not in release
linux-mako	—	—	—	—	Not in release
linux-manta	—	—	—	—	Not in release
linux-raspi2	—	Not in release	Not in release	Ignored	Not affected
linux-snapdragon	—	Not in release	Not in release	Not in release	Not affected
amd64-microcode	—	Not affected	Not affected	Not affected	Fixed
firefox	—	Not affected	Not affected	Not in release	Fixed
intel-microcode	—	Not affected	Not affected	Not affected	Not affected
libvirt	—	Not affected	Not affected	Not affected	Not affected
linux-azure	—	Not affected	Not affected	Not affected	Not affected
linux-azure-edge	—	Not in release	Not in release	Not in release	Not affected
linux-euclid	—	—	—	—	Not in release
linux-gcp	—	Not affected	Not affected	Not affected	Not affected
linux-kvm	—	Not in release	Not affected	Not affected	Not affected
linux-oem	—	Not in release	Not in release	Not in release	Not affected
qemu	—	Not affected	Not affected	Not affected	Fixed
linux-hwe-edge	—	Not in release	Not in release	Not in release	Not affected
linux-lts-trusty	—	—	—	—	Not in release
linux-maguro	—	—	—	—	Not in release
qemu-kvm	—	—	—	—	Not in release
webkit2gtk	—	Not affected	Not affected	Not affected	Not affected
linux-hwe-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-hwe-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-aws-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-aws-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-aws-hwe	—	Not in release	Not in release	Not in release	Not in release
linux-azure-4.15	—	Not in release	Not in release	Not in release	Not affected
linux-azure-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-azure-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-azure-fde	—	Not affected	Not affected	Ignored	Not in release
linux-azure-fde-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-bluefield	—	Not in release	Not in release	Not affected	Not in release
linux-fips	—	Not in release	Not affected	Not affected	Not affected
linux-aws-fips	—	Not in release	Not affected	Not affected	Not affected
linux-azure-fips	—	Not in release	Not affected	Not affected	Not affected
linux-gcp-fips	—	Not in release	Not affected	Not affected	Not affected
linux-gcp-4.15	—	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-gkeop	—	Not affected	Not affected	Not affected	Not in release
linux-gkeop-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-ibm	—	Not affected	Not affected	Not affected	Not in release
linux-ibm-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-ibm-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-intel	—	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg	—	Not in release	Not affected	Not in release	Not in release
linux-intel-iotg-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-iot	—	Not in release	Not in release	Not affected	Not in release
linux-intel-iot-realtime	—	Not in release	Not affected	Not in release	Not in release
linux-lowlatency	—	Not affected	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-lowlatency-hwe-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia	—	Not affected	Not affected	Not in release	Not in release
linux-nvidia-6.5	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia-lowlatency	—	Not affected	Not in release	Not in release	Not in release
linux-oracle	—	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-oracle-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-oem-6.8	—	Not affected	Not in release	Not in release	Not in release
linux-raspi	—	Not affected	Not affected	Not affected	Not in release
linux-raspi-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-raspi-realtime	—	Not affected	Not in release	Not in release	Not in release
linux-realtime	—	Not affected	Not affected	Not in release	Not in release
linux-riscv	—	Not affected	Ignored	Ignored	Not in release
linux-riscv-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-riscv-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-xilinx-zynqmp	—	Not in release	Not affected	Not affected	Not in release
linux-aws-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-gcp-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-oracle-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-azure-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-oem-6.11	—	Not affected	Not in release	Not in release	Not in release

CVE-2017-1000256

Low priority

Some fixes available 1 of 2

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—

CVE-2016-5008

Low priority

Some fixes available 10 of 14

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	Fixed	Fixed

CVE-2014-3672

Negligible priority

Some fixes available 2 of 12

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

4 affected packages

libvirt, qemu, qemu-kvm, xen

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—
qemu	—	—	—	—	—
qemu-kvm	—	—	—	—	—
xen	—	—	—	—	—

CVE-2015-5313

Low priority

Fixed

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with...

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—

CVE-2015-5247

Low priority

Fixed

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on...

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—

CVE-2015-0236

Low priority

Some fixes available 1 of 3

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to...

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—

CVE-2014-8131

Low priority

Ignored

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of...

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—

CVE-2014-8135

Low priority

Ignored

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via...

1 affected package

libvirt

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libvirt	—	—	—	—	—

Export to JSON

Results by page: