rpm package
suse/libvirt&distro=SUSE Linux Enterprise Server 12 SP1
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5008 | Cri | 9.8 | < 1.2.18.4-11.7 | 1.2.18.4-11.7 | Jul 13, 2016 | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | |
| CVE-2015-5313 | Low | 2.5 | < 1.2.18.2-8.1 | 1.2.18.2-8.1 | Apr 11, 2016 | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t |
- affected < 1.2.18.4-11.7fixed 1.2.18.4-11.7
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
- affected < 1.2.18.2-8.1fixed 1.2.18.2-8.1
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t