CVE-2015-0236
29.01.2015, 15:59
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mageia | mageia | 4.0 |
| redhat | libvirt | 𝑥 ≤ 1.2.11 |
| redhat | libvirt | 1.2.0 |
| redhat | libvirt | 1.2.1 |
| redhat | libvirt | 1.2.2 |
| redhat | libvirt | 1.2.3 |
| redhat | libvirt | 1.2.4 |
| redhat | libvirt | 1.2.5 |
| redhat | libvirt | 1.2.6 |
| redhat | libvirt | 1.2.7 |
| redhat | libvirt | 1.2.8 |
| redhat | libvirt | 1.2.9 |
| redhat | libvirt | 1.2.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References