CVE-2014-0028 — Redhat Libvirt vulnerability

CWE-26412 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 71.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Libvirt
Timeline
PublishedJan 24
Latest updateMay 17

Description

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.

CVSS vector

AV:A/AC:M/C:P/I:N/A:PExploitability: 5.5 | Impact: 4.9

Affected Packages2 packages

â–¶Debianredhat/libvirt< 1.2.1-1+3
â–¶NVDredhat/libvirt5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-76m6-h6vf-x33v: libvirt 1↗2022-05-17
â–¶
CVEList
CVE-2014-0028: libvirt 1↗2014-01-24
â–¶
OSV
CVE-2014-0028: libvirt 1↗2014-01-24
â–¶

📋Vendor Advisories

3
Ubuntu
libvirt vulnerabilities↗2014-01-30
â–¶
Red Hat
libvirt: event registration bypasses domain:getattr ACL↗2014-01-15
â–¶
Debian
CVE-2014-0028: libvirt - libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the dom...↗2014
â–¶

💬Community

5
Bugzilla
CVE-2014-7814 CFME: REST API SQL Injection↗2014-10-27
â–¶
Bugzilla
CVE-2014-0028 libvirt: event registration bypasses domain:getattr ACL [fedora-20]↗2014-01-16
â–¶
Bugzilla
CVE-2014-0492 flash-plugin: memory address layout randomization defeat (APSB14-02)↗2014-01-14
â–¶
Bugzilla
CVE-2014-0491 flash-plugin: security protection bypass (APSB14-02)↗2014-01-14
â–¶
Bugzilla
CVE-2014-0028 libvirt: event registration bypasses domain:getattr ACL↗2014-01-06
â–¶
CVE-2014-0028 — Redhat Libvirt vulnerability | cvebase