CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2144 – rhevm: insufficient target domain permission check when cloning a VM from a snapshot
https://notcve.org/view.php?id=CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. Red Hat Enterprise Virtualization Manager (RHEVM) anterior a 3.2, no maneja adecuadamente los permisos para el dominio de almacenamiento objetivo, lo que permite a atacantes provocar una denegación de servicio (consumo de espacio de disco) mediante el clonado de una máquina virtual desde un SnapShot. • http://rhn.redhat.com/errata/RHSA-2013-0888.html https://access.redhat.com/security/cve/CVE-2013-2144 https://bugzilla.redhat.com/show_bug.cgi?id=971058 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2151 – rhevm: rhev agent service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2151
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. Vulnerabilidad de ruta de búsqueda en Windows sin comillas de Red Hat Enterprise Virtualization (RHEV) 3 y 3.2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada en una carpeta sin especificar. • http://rhn.redhat.com/errata/RHSA-2013-0925.html http://www.securityfocus.com/bid/60473 https://exchange.xforce.ibmcloud.com/vulnerabilities/84868 https://access.redhat.com/security/cve/CVE-2013-2151 https://bugzilla.redhat.com/show_bug.cgi?id=971171 • CWE-428: Unquoted Search Path or Element •
CVSS: 2.7EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0167 – vdsm: unfiltered guestInfo dictionary DoS
https://notcve.org/view.php?id=CVE-2013-0167
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." VDSM en Red Hat Enterprise Virtualization 3 y 3.2, permite a usuarios invitados con privilegios provocar que la maquina anfitriona "no esté disponible para el servidor de gestión" a través de diccionarios "guestInfo" con "campos inesperados". • https://bugzilla.redhat.com/show_bug.cgi?id=893332 https://rhn.redhat.com/errata/RHSA-2013-0886.html https://rhn.redhat.com/errata/RHSA-2013-0907.html https://access.redhat.com/security/cve/CVE-2013-0167 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0168 – rhev-m: insufficient MoveDisk target domain permission checks
https://notcve.org/view.php?id=CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. El comando MoveDisk en Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, no valida adecuadamente los permisos en los dominios de almacenamiento, lo que permite a administradores de almacenamiento autenticados remotamente provocar una denegación de servicio (agotamiento del espacio libre sobre otros dominios de almacenamiento) a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0211.html http://www.securityfocus.com/bid/57750 http://www.securitytracker.com/id/1028076 https://bugzilla.redhat.com/show_bug.cgi?id=893355 https://exchange.xforce.ibmcloud.com/vulnerabilities/81834 https://access.redhat.com/security/cve/CVE-2013-0168 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2012-6115 – rhev: rhevm-manage-domains logs admin passwords
https://notcve.org/view.php?id=CVE-2012-6115
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. La herramienta para la gestión de dominios (rhevm-manage-domains)Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, cuando la opción de validación está activada, registra la contraseña administrativa en un archivo de registro con permisos de lectura globales, lo que permite a usuarios locales obtener información sensible mediante su lectura. • http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commit%3Bh=e8c72daec4efa8be0fcd8ea55c41e855ddd8eedf http://rhn.redhat.com/errata/RHSA-2013-0211.html http://www.securityfocus.com/bid/57749 http://www.securitytracker.com/id/1028076 https://bugzilla.redhat.com/show_bug.cgi?id=893355 https://exchange.xforce.ibmcloud.com/vulnerabilities/81833 https://access.redhat.com/security/cve/CVE-2012-6115 https://bugzilla.redhat.com/show_bug.cgi?id=905865 • CWE-255: Credentials Management Errors •