5 matches found
SUSE CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIRDOMAINXMLMIGRATABLE flag, which triggers the use of the VIRDOMAINXMLSECURE flag...
libvirt: dumpxml: information leak with migratable flag
It was found that when the VIRDOMAINXMLMIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc function could bypass the restrictions of the VIRDOMAINXMLSECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak...
libvirt: dumpxml: information leak with migratable flag
It was found that when the VIRDOMAINXMLMIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc function could bypass the restrictions of the VIRDOMAINXMLSECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak...
DEBIAN-CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIRDOMAINXMLMIGRATABLE flag, which triggers the use of the VIRDOMAINXMLSECURE flag...
UBUNTU-CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIRDOMAINXMLMIGRATABLE flag, which triggers the use of the VIRDOMAINXMLSECURE flag...