DEBIAN-CVE-2015-0236

DEBIAN-CVE-2015-0236 PUBLISHED

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Affected Products

Vendor	Product	Versions
Debian	libvirt
Debian:14	libvirt	0, 0, 0
Debian:11	libvirt	0, 0, 0
Debian:12	libvirt	0, 0, 0
Debian:13	libvirt	0, 0, 0

Timeline

Jan 29, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-0236 advisory

Open in Interactive Console →