CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3559 – ovirt-engine-backend: memory snapshots not wiped when deleting a VM with wipe-after-delete (WAD) enabled for its disks
https://notcve.org/view.php?id=CVE-2014-3559
04 Aug 2014 — The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume. El backend de almacenaje oVirt en Red Hat Enterprise Virtualization 3.4 no borra instantáneas de la memoria cuando elimina una VM, incluso cuando bo... • http://rhn.redhat.com/errata/RHSA-2014-1002.html • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3485 – ovirt-engine-api: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2014-3485
30 Jun 2014 — The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. REST API en ovirt-engine en oVirt, utilizado en Red Hat Enterprise Virtualization (rhevm) 3.4, permite a usuarios remotos autenticados leer ficheros arbitrarios y tener otro impacto no especificado a través de vectores desconocidos, relacionado con un... • http://rhn.redhat.com/errata/RHSA-2014-0814.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •