Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 93 results


CVE-2021-3631

Negligible priority

Some fixes available 8 of 12

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement....

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2021-3975

Low priority

Some fixes available 8 of 11

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2020-14301

Medium priority
Not affected

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Not affected Not affected Not affected
Show less packages

CVE-2020-10701

Low priority
Not affected

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Not affected Not affected
Show less packages

CVE-2021-3559

Medium priority
Not affected

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-14339

Low priority
Not affected

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Not affected Not affected Not affected
Show less packages

CVE-2020-25637

Negligible priority

Some fixes available 2 of 5

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Not affected Not affected Fixed Fixed Vulnerable
Show less packages

CVE-2020-15708

Medium priority
Fixed

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Fixed Not affected Not affected
Show less packages

CVE-2020-12430

Medium priority
Fixed

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Fixed Not affected Not affected
Show less packages

CVE-2020-10703

Low priority
Fixed

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage...

1 affected packages

libvirt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvirt Not affected Fixed Not affected
Show less packages