Skip to main content

Mageia CVE-2015-0236

LOW
Information Exposure (CWE-200)
2015-01-29 secalert@redhat.com
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 29, 2015 - 15:59 cve.org
LOW 3.5

DescriptionCVE.org

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

AnalysisAI

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. Affected products include: Mageia, Redhat Libvirt, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node. Version information: before 1.2.12.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Mageia

View all
CVE-2014-9274 HIGH POC
7.5 Dec 09

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated b

CVE-2014-5461 MEDIUM POC
5.0 Sep 04

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attacker

CVE-2014-9116 MEDIUM POC
5.0 Dec 02

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w

CVE-2014-7204 MEDIUM POC
5.0 Oct 07

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk co

CVE-2014-9087 HIGH
7.5 Dec 01

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to

CVE-2014-8117 MEDIUM
5.0 Dec 17

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of se

CVE-2014-8116 MEDIUM
5.0 Dec 17

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or

CVE-2013-4159 HIGH
7.5 Aug 06

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related

CVE-2014-9037 MEDIUM
6.8 Nov 25

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obt

CVE-2014-8104 MEDIUM
6.8 Dec 03

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause

CVE-2014-3429 MEDIUM
6.8 Aug 07

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote att

CVE-2015-2296 MEDIUM
6.8 Mar 18

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session

Share

CVE-2015-0236 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy