CVE-2013-2176 – rhev-m: rhev-apt service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2176
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. • http://rhn.redhat.com/errata/RHSA-2013-1122.html https://access.redhat.com/security/cve/CVE-2013-2176 https://bugzilla.redhat.com/show_bug.cgi?id=974267 • CWE-399: Resource Management Errors CWE-428: Unquoted Search Path or Element
CVE-2013-2144 – rhevm: insufficient target domain permission check when cloning a VM from a snapshot
https://notcve.org/view.php?id=CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. • http://rhn.redhat.com/errata/RHSA-2013-0888.html https://access.redhat.com/security/cve/CVE-2013-2144 https://bugzilla.redhat.com/show_bug.cgi?id=971058 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-2151 – rhevm: rhev agent service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2151
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. • http://rhn.redhat.com/errata/RHSA-2013-0925.html http://www.securityfocus.com/bid/60473 https://exchange.xforce.ibmcloud.com/vulnerabilities/84868 https://access.redhat.com/security/cve/CVE-2013-2151 https://bugzilla.redhat.com/show_bug.cgi?id=971171 • CWE-428: Unquoted Search Path or Element
CVE-2013-0167 – vdsm: unfiltered guestInfo dictionary DoS
https://notcve.org/view.php?id=CVE-2013-0167
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the management server" via guestInfo dictionaries with "unexpected fields." • https://bugzilla.redhat.com/show_bug.cgi?id=893332 https://rhn.redhat.com/errata/RHSA-2013-0886.html https://rhn.redhat.com/errata/RHSA-2013-0907.html https://access.redhat.com/security/cve/CVE-2013-0167
CVE-2013-0168 – rhev-m: insufficient MoveDisk target domain permission checks
https://notcve.org/view.php?id=CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. • http://rhn.redhat.com/errata/RHSA-2013-0211.html http://www.securityfocus.com/bid/57750 http://www.securitytracker.com/id/1028076 https://bugzilla.redhat.com/show_bug.cgi?id=893355 https://exchange.xforce.ibmcloud.com/vulnerabilities/81834 https://access.redhat.com/security/cve/CVE-2013-0168 • CWE-264: Permissions, Privileges, and Access Controls