
CVE-2012-5516 – rhev-m: MoveDisk ignores the disk's wipe-after-delete property
https://notcve.org/view.php?id=CVE-2012-5516
04 Jan 2013 — Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. • http://rhn.redhat.com/errata/RHSA-2012-1506.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-0860 – rhev: vds_installer insecure /tmp use
https://notcve.org/view.php?id=CVE-2012-0860
04 Jan 2013 — Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. • http://rhn.redhat.com/errata/RHSA-2012-1506.html • CWE-377: Insecure Temporary File

CVE-2012-0861 – rhev: vds_installer is prone to MITM when downloading 2nd stage installer
https://notcve.org/view.php?id=CVE-2012-0861
04 Jan 2013 — The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. • http://rhn.redhat.com/errata/RHSA-2012-1505.html • CWE-295: Improper Certificate Validation • CWE-310: Cryptographic Issues

CVE-2012-2696 – rhev: backend allows unprivileged queries
https://notcve.org/view.php?id=CVE-2012-2696
04 Jan 2013 — The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. • http://rhn.redhat.com/errata/RHSA-2012-1506.html • CWE-264: Permissions, Privileges, and Access Controls