CVE-2015-0236
published 2015-01-29CVE-2015-0236: libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the…
low3.5CVSS 3.1
AVNACMAuSCPINAN
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libvirt | < libvirt 1.2.9-8 (bookworm) | libvirt 1.2.9-8 (bookworm) |
| mageia | mageia | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | libvirt | <= 1.2.11 | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 1.2.9-8 | 1.2.9-8 |
| redhat | libvirt | >= 0 < 1.2.9-8 | 1.2.9-8 |
| redhat | libvirt | >= 0 < 1.2.9-8 | 1.2.9-8 |
CVSS provenance
nvd3.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
osv5.9MEDIUM