libvirt prior to 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mageia mageia 4.0 |
||
redhat libvirt |
||
redhat libvirt 1.2.0 |
||
redhat libvirt 1.2.1 |
||
redhat libvirt 1.2.2 |
||
redhat libvirt 1.2.3 |
||
redhat libvirt 1.2.4 |
||
redhat libvirt 1.2.5 |
||
redhat libvirt 1.2.6 |
||
redhat libvirt 1.2.7 |
||
redhat libvirt 1.2.8 |
||
redhat libvirt 1.2.9 |
||
redhat libvirt 1.2.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.04 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux hpc node 7.0 |