Page 3 of 15 results (0.032 seconds)

CVSS: 2.7EPSS: 0%CPEs: 4EXPL: 0

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. El "backend" en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1 no comprueba los privilegios de forma adecuada, lo que permite a usuarios remotos autenticados a consultar información a través de una consulta (1) SOAP o (2) GWT. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80545 https://access.redhat.com/security/cve/CVE-2012-2696 https://bugzilla.redhat.com/show_bug.cgi?id=831565 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se mueven discos entre dominios de almacenamiento, no efectúa de forma adecuada la eliminación segura (wipe) después de borrar, lo que evita que un disco no sea borrado de forma segura, y permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80546 https://access.redhat.com/security/cve/CVE-2012-5516 https://bugzilla.redhat.com/show_bug.cgi?id=875370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. Múltiples vulnerabilidades de path de búsqueda no confiable en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, permite a usuario locales obtener privilegios a través de un fichero (1) deployUtil.py o (2) el módulo en Phyton en /tmp/.. • http://rhn.redhat.com/errata/RHSA-2012-1506.html http://rhn.redhat.com/errata/RHSA-2012-1508.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://bugzilla.redhat.com/show_bug.cgi?id=790730 https://exchange.xforce.ibmcloud.com/vulnerabilities/80543 https://access.redhat.com/security/cve/CVE-2012-0860 • CWE-377: Insecure Temporary File •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. El vds_installer en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, usa el parámetro "-k curl" cuando se descarga deployUtil.py y vds_bootstrap.py, lo que evita que los certificados SSL seran validados y permite a atacantes remotos a ejecutar código Python a través de un ataque "Man in the Middle". • http://rhn.redhat.com/errata/RHSA-2012-1505.html http://rhn.redhat.com/errata/RHSA-2012-1506.html http://rhn.redhat.com/errata/RHSA-2012-1508.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80544 https://access.redhat.com/security/cve/CVE-2012-0861 https://bugzilla.redhat.com/show_bug.cgi?id=790754 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. Condición de carrera en el plug-in SPICE (también conocido como spice-activex) para Internet Explorer en Red Hat Enterprise Virtualization (RHEV) Manager, en versiones anteriores a la 2.2.4, permite a usuarios locales crear una cierta tubería (pipe), y obtener privilegios, mediante vectores involucrados en el conocimiento del nombre de esta tubería junto con el uso de la función ImpersonateNamedPipeClient. • http://securitytracker.com/id?1024825 http://www.securityfocus.com/bid/45213 https://bugzilla.redhat.com/show_bug.cgi?id=620355 https://rhn.redhat.com/errata/RHSA-2010-0818.html https://access.redhat.com/security/cve/CVE-2010-2793 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •