CVE-2013-0293
https://notcve.org/view.php?id=CVE-2013-0293
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation oVirt Node: la pantalla de bloqueo acepta F2 para la caiga del shell causando una escalada de privilegios • http://www.openwall.com/lists/oss-security/2013/02/28/13 http://www.securityfocus.com/bid/58227 https://access.redhat.com/security/cve/cve-2013-0293 https://exchange.xforce.ibmcloud.com/vulnerabilities/82474 https://security-tracker.debian.org/tracker/CVE-2013-0293 • CWE-269: Improper Privilege Management •
CVE-2012-4480
https://notcve.org/view.php?id=CVE-2012-4480
mom creates world-writable pid files in /var/run mom crea archivos pid de tipo world-writable en /var/run. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089658.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090188.html https://access.redhat.com/security/cve/cve-2012-4480 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4480 https://exchange.xforce.ibmcloud.com/vulnerabilities/79190 • CWE-269: Improper Privilege Management •
CVE-2012-5518
https://notcve.org/view.php?id=CVE-2012-5518
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) vdsm: la generación de certificados tras creación del nodo, permitiendo que vdsm inicie y sirva peticiones de cualquier persona que tenga una clave coincidente (y un certificado). • http://www.openwall.com/lists/oss-security/2012/11/11/3 https://access.redhat.com/security/cve/cve-2012-5518 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5518 • CWE-295: Improper Certificate Validation •
CVE-2013-4367
https://notcve.org/view.php?id=CVE-2013-4367
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. ovirt-engine versión 3.2, ejecutado sobre el kernel de Linux versiones 3.1 y posteriores, crea determinados archivos de tipo world-writeable debido a un cambio de kernel ascendente que impactó cómo opera la función os.chmod() de python cuando pasó a un modo de "-1". • https://access.redhat.com/security/cve/cve-2013-4367 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-10194 – ovirt-engine-metrics: disclosure of sensitive passwords in log files and ansible playbooks
https://notcve.org/view.php?id=CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts. Contraseñas confidenciales utilizadas en la implementación y configuración de oVirt Metrics, todas las versiones. Se detectó que no estaban suficientemente protegidas. Las contraseñas se pueden revelar en archivos de registro (si los playbooks se ejecutan con -v) o en los playbooks almacenados en los hosts de Metrics or Bastion. • http://www.securityfocus.com/bid/109140 https://access.redhat.com/errata/RHSA-2019:2499 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194 https://access.redhat.com/security/cve/CVE-2019-10194 https://bugzilla.redhat.com/show_bug.cgi?id=1726007 • CWE-532: Insertion of Sensitive Information into Log File •