CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4443 – org.ovirt.engine-root: engine-setup logs contained information for extracting admin password
https://notcve.org/view.php?id=CVE-2016-4443
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. Red Hat Enterprise Virtualization (RHEV) Manager 3.6 permite a usuarios locales obtener claves de encriptación, certificados y otra información sensible mediante la lectura del archivo de inicio de sesión engine-setup. A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). • http://rhn.redhat.com/errata/RHSA-2016-1929.html http://www.securityfocus.com/bid/92751 http://www.securitytracker.com/id/1036863 https://bugzilla.redhat.com/show_bug.cgi?id=1335106 https://access.redhat.com/security/cve/CVE-2016-4443 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1841 – RHEV-M: webadmin automatic logout fails if VM is selected
https://notcve.org/view.php?id=CVE-2015-1841
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. Vulnerabilidad en la interfaz Web Admin en Red Hat Enterprise Virtualization Manager (RHEV-M), permite a usuarios locales eludir la función timeout seleccionando una VM en la vista de cuadrícula VM. It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended. • http://rhn.redhat.com/errata/RHSA-2015-1713.html http://www.securitytracker.com/id/1033459 https://access.redhat.com/security/cve/CVE-2015-1841 https://bugzilla.redhat.com/show_bug.cgi?id=1206332 • CWE-17: DEPRECATED: Code •
CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 1CVE-2015-3456 – QEMU - Floppy Disk Controller (FDC) (PoC)
https://notcve.org/view.php?id=CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegación de servicio (escritura fuera de rango y caída del invitado) o posiblemente ejecutar código arbitrario a través de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, también conocido como VENOM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • https://www.exploit-db.com/exploits/37053 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3561 – ovirt-engine-log-collector: database password disclosed in process listing
https://notcve.org/view.php?id=CVE-2014-3561
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. El paquete rhevm-log-collector en Red Hat Enterprise Virtualization 3.4 utiliza la contraseña de la base de datos PostgreSQL en la línea de comandos cuando llama a sosreport, lo que permite a usuarios locales obtener información sensible mediante el listado de los procesos. It was found that rhevm-log-collector called sosreport with the PostgreSQL database password passed as a command line parameter. A local attacker could read this password by monitoring a process listing. The password would also be written to a log file, which could potentially be read by a local attacker. • http://rhn.redhat.com/errata/RHSA-2014-1947.html http://www.securitytracker.com/id/1031291 https://exchange.xforce.ibmcloud.com/vulnerabilities/99096 https://access.redhat.com/security/cve/CVE-2014-3561 https://bugzilla.redhat.com/show_bug.cgi?id=1122781 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3559 – ovirt-engine-backend: memory snapshots not wiped when deleting a VM with wipe-after-delete (WAD) enabled for its disks
https://notcve.org/view.php?id=CVE-2014-3559
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume. El backend de almacenaje oVirt en Red Hat Enterprise Virtualization 3.4 no borra instantáneas de la memoria cuando elimina una VM, incluso cuando borrar después de eliminar (wipe-after-delete o WAD) está configurado para el disco de la VM, lo que permite a usuarios remotos autenticados con ciertas credenciales leer porciones de la memoria eliminada de la VM y obtener información sensible a través de un volumen de almacenaje no inicializado. It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete (WAD) was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information. • http://rhn.redhat.com/errata/RHSA-2014-1002.html http://www.securitytracker.com/id/1030664 https://bugzilla.redhat.com/show_bug.cgi?id=1121925 https://exchange.xforce.ibmcloud.com/vulnerabilities/95098 https://access.redhat.com/security/cve/CVE-2014-3559 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-264: Permissions, Privileges, and Access Controls •