CVE-2013-2144 – rhevm: insufficient target domain permission check when cloning a VM from a snapshot
https://notcve.org/view.php?id=CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.
• http://rhn.redhat.com/errata/RHSA-2013-0888.html
• https://access.redhat.com/security/cve/CVE-2013-2144
• https://bugzilla.redhat.com/show_bug.cgi?id=971058
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-0168 – rhev-m: insufficient MoveDisk target domain permission checks
https://notcve.org/view.php?id=CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.
• http://rhn.redhat.com/errata/RHSA-2013-0211.html
• http://www.securityfocus.com/bid/57750
• http://www.securitytracker.com/id/1028076
• https://bugzilla.redhat.com/show_bug.cgi?id=893355
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81834
• https://access.redhat.com/security/cve/CVE-2013-0168
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-6115 – rhev: rhevm-manage-domains logs admin passwords
https://notcve.org/view.php?id=CVE-2012-6115
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.
• http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commit%3Bh=e8c72daec4efa8be0fcd8ea55c41e855ddd8eedf
• http://rhn.redhat.com/errata/RHSA-2013-0211.html
• http://www.securityfocus.com/bid/57749
• http://www.securitytracker.com/id/1028076
• https://bugzilla.redhat.com/show_bug.cgi?id=893355
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81833
• https://access.redhat.com/security/cve/CVE-2012-6115
• https://bugzilla.redhat.com/show_bug.cgi?id=905865
• CWE-255: Credentials Management Errors
CVE-2011-4316 – SPICE screen locking race condition
https://notcve.org/view.php?id=CVE-2011-4316
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
• http://rhn.redhat.com/errata/RHSA-2012-1506.html
• http://rhn.redhat.com/errata/RHSA-2012-1508.html
• http://www.securityfocus.com/bid/56825
• http://www.securitytracker.com/id?1027838
• https://bugzilla.redhat.com/show_bug.cgi?id=754876
• https://access.redhat.com/security/cve/CVE-2011-4316
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2696 – rhev: backend allows unprivileged queries
https://notcve.org/view.php?id=CVE-2012-2696
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
• http://rhn.redhat.com/errata/RHSA-2012-1506.html
• http://www.securityfocus.com/bid/56825
• http://www.securitytracker.com/id?1027838
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80545
• https://access.redhat.com/security/cve/CVE-2012-2696
• https://bugzilla.redhat.com/show_bug.cgi?id=831565
• CWE-264: Permissions, Privileges, and Access Controls