Количество 18
Количество 18
GHSA-5p5j-3wqp-w634
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...
BDU:2019-02853
Уязвимость функции virConnectGetDomainCapabilities() библиотеки управления виртуализацией Libvirt, позволяющая нарушителю выполнить произвольный код или повысить свои привилегии
SUSE-SU-2019:2227-2
Security update for libvirt
SUSE-SU-2019:2227-1
Security update for libvirt
SUSE-SU-2019:2105-1
Security update for libvirt
SUSE-SU-2019:1686-1
Security update for libvirt
openSUSE-SU-2019:1672-1
Security update for libvirt
SUSE-SU-2019:1637-1
Security update for libvirt
SUSE-SU-2019:1599-1
Security update for libvirt
openSUSE-SU-2019:1753-1
Security update for libvirt
SUSE-SU-2019:1643-1
Security update for libvirt
ELSA-2019-1580
ELSA-2019-1580: virt:rhel security update (IMPORTANT)
ELSA-2019-1579
ELSA-2019-1579: libvirt security and bug fix update (IMPORTANT)
ELSA-2019-4714
ELSA-2019-4714: libvirt security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-5p5j-3wqp-w634 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | CVSS3: 7.8 | 0% Низкий | около 3 лет назад |
 | CVE-2019-10167 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | CVSS3: 7.8 | 0% Низкий | почти 6 лет назад |
 | CVE-2019-10167 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | CVSS3: 8.8 | 0% Низкий | около 6 лет назад |
 | CVE-2019-10167 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | CVSS3: 7.8 | 0% Низкий | почти 6 лет назад |
| CVE-2019-10167 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ... | CVSS3: 7.8 | 0% Низкий | почти 6 лет назад |
 | BDU:2019-02853 Уязвимость функции virConnectGetDomainCapabilities() библиотеки управления виртуализацией Libvirt, позволяющая нарушителю выполнить произвольный код или повысить свои привилегии | CVSS3: 4.9 | 0% Низкий | почти 6 лет назад |
 | SUSE-SU-2019:2227-2 Security update for libvirt | почти 6 лет назад | ||
| SUSE-SU-2019:2227-1 Security update for libvirt | почти 6 лет назад | ||
| SUSE-SU-2019:2105-1 Security update for libvirt | почти 6 лет назад | ||
| SUSE-SU-2019:1686-1 Security update for libvirt | почти 6 лет назад | ||
| openSUSE-SU-2019:1672-1 Security update for libvirt | почти 6 лет назад | ||
| SUSE-SU-2019:1637-1 Security update for libvirt | около 6 лет назад | ||
| SUSE-SU-2019:1599-1 Security update for libvirt | около 6 лет назад | ||
| openSUSE-SU-2019:1753-1 Security update for libvirt | почти 6 лет назад | ||
| SUSE-SU-2019:1643-1 Security update for libvirt | около 6 лет назад | ||
| ELSA-2019-1580 ELSA-2019-1580: virt:rhel security update (IMPORTANT) | почти 6 лет назад | ||
| ELSA-2019-1579 ELSA-2019-1579: libvirt security and bug fix update (IMPORTANT) | около 6 лет назад | ||
| ELSA-2019-4714 ELSA-2019-4714: libvirt security update (IMPORTANT) | почти 6 лет назад |
Уязвимостей на страницу