Download
| Alert*
oval:org.secpod.oval:def:66676
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: arbitrary file read/exec via virDomainSaveImageGetXM ... oval:org.secpod.oval:def:705057 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:89003308 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:205221 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: arbitrary file read/exec via virDomainSaveImageGetXM ... oval:org.secpod.oval:def:89003061 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89003330 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:1502550 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1801500 CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API¶ It was discovered that libvirtd would permit readonly clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacke ... oval:org.secpod.oval:def:57460 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:503166 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: arbitrary file read/exec via virDomainSaveImageGetXM ... oval:org.secpod.oval:def:1801496 CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API¶ It was discovered that libvirtd would permit readonly clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacke ... oval:org.secpod.oval:def:1801497 CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API¶ It was discovered that libvirtd would permit readonly clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacke ... oval:org.secpod.oval:def:1504387 libguestfs [1:1.38.4-10.1.0.1] - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.38.4-10.1] - Fix inspection of partition-less devices resolves: rhbz#1714747 libssh2 [1.8.0-7.el8_0.1] - fix integer overflow in keyboard interactive ha ... oval:org.secpod.oval:def:1801498 CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API¶ It was discovered that libvirtd would permit readonly clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacke ... oval:org.secpod.oval:def:89050621 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89050628 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89003031 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:603950 Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally ... oval:org.secpod.oval:def:116835 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:116833 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1902192 The virConnectGetDomainCapabilities API reports the domain capabilities XML without checking for a read-only connection. This allows unprivileged users to execute arbitrary binaries with elevated privileges. oval:org.secpod.oval:def:1700215 Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writin ... oval:org.secpod.oval:def:1502567 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:55650 Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally ... |