Lucene search

K

RedhatCVELIST:CVE-2014-0179

HistoryAug 03, 2014 - 6:00 p.m.

CVE-2014-0179

2014-08-0318:00:00

redhat

www.cve.org

4

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.

References

libvirt.org/news.html

lists.opensuse.org/opensuse-updates/2014-05/msg00048.html

lists.opensuse.org/opensuse-updates/2014-05/msg00052.html

rhn.redhat.com/errata/RHSA-2014-0560.html

secunia.com/advisories/60895

security.gentoo.org/glsa/glsa-201412-04.xml

security.libvirt.org/2014/0003.html

www.debian.org/security/2014/dsa-3038

www.ubuntu.com/usn/USN-2366-1

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%

Related for CVELIST:CVE-2014-0179

prion2 centos2 cve2 nessus18 nvd2 redhat3 debiancve2 ubuntucve2 cvelist1 securityvulns4 openvas14 ubuntu1 oraclelinux2 veracode1 mageia1 debian2 osv16 f52 fedora3 gentoo1