Page 3 of 17 results (0.010 seconds)

CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, en ciertas condificones no especificadas, no bloquea la pantalla del escritorio entre sesiones SPICE, lo que permite a usuarios locales con acceso a una máquina virtual a obtener acceso a otra sesión de usuario a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://rhn.redhat.com/errata/RHSA-2012-1508.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://bugzilla.redhat.com/show_bug.cgi?id=754876 https://access.redhat.com/security/cve/CVE-2011-4316 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.7EPSS: 0%CPEs: 4EXPL: 0

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. El "backend" en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1 no comprueba los privilegios de forma adecuada, lo que permite a usuarios remotos autenticados a consultar información a través de una consulta (1) SOAP o (2) GWT. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80545 https://access.redhat.com/security/cve/CVE-2012-2696 https://bugzilla.redhat.com/show_bug.cgi?id=831565 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se mueven discos entre dominios de almacenamiento, no efectúa de forma adecuada la eliminación segura (wipe) después de borrar, lo que evita que un disco no sea borrado de forma segura, y permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80546 https://access.redhat.com/security/cve/CVE-2012-5516 https://bugzilla.redhat.com/show_bug.cgi?id=875370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. Múltiples vulnerabilidades de path de búsqueda no confiable en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, permite a usuario locales obtener privilegios a través de un fichero (1) deployUtil.py o (2) el módulo en Phyton en /tmp/.. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://rhn.redhat.com/errata/RHSA-2012-1508.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://bugzilla.redhat.com/show_bug.cgi?id=790730 https://exchange.xforce.ibmcloud.com/vulnerabilities/80543 https://access.redhat.com/security/cve/CVE-2012-0860 • CWE-377: Insecure Temporary File •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. El vds_installer en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, usa el parámetro "-k curl" cuando se descarga deployUtil.py y vds_bootstrap.py, lo que evita que los certificados SSL seran validados y permite a atacantes remotos a ejecutar código Python a través de un ataque "Man in the Middle". • http://rhn.redhat.com/errata/RHSA-2012-1505.html http://rhn.redhat.com/errata/RHSA-2012-1506.html http://rhn.redhat.com/errata/RHSA-2012-1508.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80544 https://access.redhat.com/security/cve/CVE-2012-0861 https://bugzilla.redhat.com/show_bug.cgi?id=790754 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •