rpm package
suse/libvirt&distro=SUSE Linux Enterprise Software Development Kit 12
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5313 | Low | 2.5 | < 1.2.5-27.10.1 | 1.2.5-27.10.1 | Apr 11, 2016 | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t | |
| CVE-2015-0236 | — | < 1.2.5-27.10.1 | 1.2.5-27.10.1 | Jan 29, 2015 | libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | ||
| CVE-2014-8136 | — | < 1.2.5-21.1 | 1.2.5-21.1 | Dec 19, 2014 | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | ||
| CVE-2014-7823 | — | < 1.2.5-21.1 | 1.2.5-21.1 | Nov 13, 2014 | The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||
| CVE-2014-3657 | — | < 1.2.5-21.1 | 1.2.5-21.1 | Oct 6, 2014 | The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API c |
- affected < 1.2.5-27.10.1fixed 1.2.5-27.10.1
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t
- CVE-2015-0236Jan 29, 2015affected < 1.2.5-27.10.1fixed 1.2.5-27.10.1
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
- CVE-2014-8136Dec 19, 2014affected < 1.2.5-21.1fixed 1.2.5-21.1
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
- CVE-2014-7823Nov 13, 2014affected < 1.2.5-21.1fixed 1.2.5-21.1
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
- CVE-2014-3657Oct 6, 2014affected < 1.2.5-21.1fixed 1.2.5-21.1
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API c