CVE-2008-5714
6.3 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.007 Low
EPSS
Percentile
79.5%
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References
lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
secunia.com/advisories/33568
secunia.com/advisories/34642
secunia.com/advisories/35062
svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
www.securityfocus.com/bid/33020
www.ubuntu.com/usn/usn-776-1
exchange.xforce.ibmcloud.com/vulnerabilities/47683
Related
6.3 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.007 Low
EPSS
Percentile
79.5%