libvirt-bash-completion (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package libvirt-bash-completion, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2020-14339 — CVSS 8.8 (high): A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows…
CVE-2020-35517 — CVSS 8.2 (high): A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest…
CVE-2020-1983 — CVSS 7.5 (high): A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of…
CVE-2021-3930 — CVSS 6.5 (medium): An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in…
CVE-2020-10703 — CVSS 6.5 (medium): A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for…
CVE-2020-14301 — CVSS 6.5 (medium): An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were…
CVE-2021-20257 — CVSS 6.5 (medium): An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in…
CVE-2021-3667 — CVSS 6.5 (medium): An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath…
CVE-2021-3631 — CVSS 6.3 (medium): A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to…
CVE-2019-20485 — CVSS 5.7 (medium): qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers…
CVE-2021-3594 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input()…
CVE-2021-3592 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input()…
CVE-2021-3595 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input()…
CVE-2021-3593 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input()…
CVE-2020-15859 — CVSS 3.3 (low): QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to…