| Bug | Description |
|---|
| CVE-2024-8235 | A flaw was found in libvirt. A refactor of the code fetching the list ... |
| CVE-2024-4418 | A race condition leading to a stack use-after-free flaw was found in l ... |
| CVE-2024-2496 | A NULL pointer dereference flaw was found in the udevConnectListAllInt ... |
| CVE-2024-2494 | A flaw was found in the RPC library APIs of libvirt. The RPC server de ... |
| CVE-2024-1441 | An off-by-one error flaw was found in the udevListInterfacesByStatus() ... |
| CVE-2023-3750 | A flaw was found in libvirt. The virStoragePoolObjListSearch function ... |
| CVE-2023-2700 | A vulnerability was found in libvirt. This security flaw ouccers due t ... |
| CVE-2022-0897 | A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ... |
| CVE-2021-4147 | A flaw was found in the libvirt libxl driver. A malicious guest could ... |
| CVE-2021-3975 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister( ... |
| CVE-2021-3667 | An improper locking issue was found in the virStoragePoolLookupByTarge ... |
| CVE-2021-3631 | A flaw was found in libvirt while it generates SELinux MCS category pa ... |
| CVE-2021-3559 | A flaw was found in libvirt in the virConnectListAllNodeDevices API in ... |
| CVE-2020-25637 | A double free memory issue was found to occur in the libvirt API, in v ... |
| CVE-2020-15708 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ... |
| CVE-2020-14339 | A flaw was found in libvirt, where it leaked a file descriptor for `/d ... |
| CVE-2020-14301 | An information disclosure vulnerability was found in libvirt in versio ... |
| CVE-2020-12430 | An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ... |
| CVE-2020-10703 | A NULL pointer dereference was found in the libvirt API responsible in ... |
| CVE-2020-10701 | A missing authorization flaw was found in the libvirt API responsible ... |
| CVE-2019-20485 | qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ... |
| CVE-2019-10168 | The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ... |
| CVE-2019-10167 | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ... |
| CVE-2019-10166 | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ... |
| CVE-2019-10161 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ... |
| CVE-2019-10132 | A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.s ... |
| CVE-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and abo ... |
| CVE-2019-3840 | A NULL pointer dereference flaw was discovered in libvirt before versi ... |
| CVE-2018-6764 | util/virlog.c in libvirt does not properly determine the hostname on L ... |
| CVE-2018-5748 | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of s ... |
| CVE-2018-1064 | libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustio ... |
| CVE-2017-1000256 | libvirt version 2.3.0 and later is vulnerable to a bad default configu ... |
| CVE-2017-2635 | A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ... |
| CVE-2016-10746 | libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ... |
| CVE-2016-5008 | libvirt before 2.0.0 improperly disables password checking when the pa ... |
| CVE-2015-5313 | Directory traversal vulnerability in the virStorageBackendFileSystemVo ... |
| CVE-2015-5247 | The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ... |
| CVE-2015-5160 | libvirt before 2.2 includes Ceph credentials on the qemu command line ... |
| CVE-2015-0236 | libvirt before 1.2.12 allow remote authenticated users to obtain the V ... |
| CVE-2014-8136 | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 func ... |
| CVE-2014-8135 | The storageVolUpload function in storage/storage_driver.c in libvirt b ... |
| CVE-2014-8131 | The qemu implementation of virConnectGetAllDomainStats in libvirt befo ... |
| CVE-2014-7823 | The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote rea ... |
| CVE-2014-5177 | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access con ... |
| CVE-2014-3657 | The virDomainListPopulate function in conf/domain_conf.c in libvirt be ... |
| CVE-2014-3633 | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ... |
| CVE-2014-1447 | Race condition in the virNetServerClientStartKeepAlive function in lib ... |
| CVE-2014-0179 | libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ... |
| CVE-2014-0028 | libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypa ... |
| CVE-2013-7336 | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in lib ... |
| CVE-2013-6458 | Multiple race conditions in the (1) virDomainBlockStats, (2) virDomain ... |
| CVE-2013-6457 | The libxlDomainGetNumaParameters function in the libxl driver (libxl/l ... |
| CVE-2013-6456 | The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allow ... |
| CVE-2013-6436 | The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ... |
| CVE-2013-5651 | The virBitmapParse function in util/virbitmap.c in libvirt before 1.1. ... |
| CVE-2013-4401 | The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ... |
| CVE-2013-4400 | virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ... |
| CVE-2013-4399 | The remoteClientFreeFunc function in daemon/remote.c in libvirt before ... |
| CVE-2013-4311 | libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ... |
| CVE-2013-4297 | The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1. ... |
| CVE-2013-4296 | The remoteDispatchDomainMemoryStats function in daemon/remote.c in lib ... |
| CVE-2013-4292 | libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of servic ... |
| CVE-2013-4291 | The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1. ... |
| CVE-2013-4239 | The xenDaemonListDefinedDomains function in xen/xend_internal.c in lib ... |
| CVE-2013-4154 | The qemuAgentCommand function in libvirt before 1.1.1, when a guest ag ... |
| CVE-2013-4153 | Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qe ... |
| CVE-2013-2230 | The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows re ... |
| CVE-2013-2218 | Double free vulnerability in the virConnectListAllInterfaces method in ... |
| CVE-2013-1962 | The remoteDispatchStoragePoolListAllVolumes function in the storage po ... |
| CVE-2013-1766 | libvirt 1.0.2 and earlier sets the group owner to kvm for device files ... |
| CVE-2013-0170 | Use-after-free vulnerability in the virNetMessageFree function in rpc/ ... |
| CVE-2012-4423 | The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ... |
| CVE-2012-3445 | The virTypedParameterArrayClear function in libvirt 0.9.13 does not pr ... |
| CVE-2012-2693 | libvirt, possibly before 0.9.12, does not properly assign USB devices ... |
| CVE-2011-4600 | The networkReloadIptablesRules function in network/bridge_driver.c in ... |
| CVE-2011-2511 | Integer overflow in libvirt before 0.9.3 allows remote authenticated u ... |
| CVE-2011-2178 | The virSecurityManagerGetPrivateData function in security/security_man ... |
| CVE-2011-1486 | libvirtd in libvirt before 0.9.0 does not use thread-safe error report ... |
| CVE-2011-1146 | libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restri ... |
| CVE-2010-2242 | Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ... |
| CVE-2010-2239 | Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images with ... |
| CVE-2010-2238 | Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ... |
| CVE-2010-2237 | Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ... |
| CVE-2009-0036 | Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ... |
| CVE-2008-5086 | Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ... |