CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0431 – qemu: Insufficient guest provided pointers validation
https://notcve.org/view.php?id=CVE-2010-0431
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. QEMU-KVM, tal como se utiliza en el Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, no valida correctamente los punteros a controladores QXL, lo que permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (uso de puntero invalido y la caída del sistema operativo huésped) o posiblemente ganar privilegios a través de vectores no especificados. • https://bugzilla.redhat.com/show_bug.cgi?id=568809 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0431 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0435 – kvm: vmx null pointer dereference
https://notcve.org/view.php?id=CVE-2010-0435
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. El Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, cuando la extensión Intel VT-x está activada, permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (uso de puntero nulo y caida del sistema operativo anfitrión) a través de vectores relacionados con la emulación de instrucciones. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://secunia.com/advisories/42778 http://www.vupen.com/english/advisories/2011/0012 https://bugzilla.redhat.com/show_bug.cgi?id=570528 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0435 • CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2784 – qemu: insufficient constraints checking in exec.c:subpage_register()
https://notcve.org/view.php?id=CVE-2010-2784
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. La funcionalidad de inicialización de subpaginas MMIO en la función subpage_register de exec.c en QEMU-KVM, tal como se utiliza en Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, no selecciona adecuadamente el índice para acceder a la matriz de callback, lo que permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (caida del sistema operativo) o posiblemente obtener privilegios mediante vectores no especificados. • http://www.spinics.net/lists/kvm/msg39173.html https://bugzilla.redhat.com/show_bug.cgi?id=619411 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-2784 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2811 – vdsm: SSL accept() blocks on a non-blocking Connection
https://notcve.org/view.php?id=CVE-2010-2811
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic. Virtual Desktop Server Manager (VDSM) en Red Hat Enterprise Virtualization (RHEV) v2.2 no acepta adecuadamente conexiones TCP para sesiones de SSL, que permite a atacantes remotos provocar una denegación de servicio (parada de demonio) a través de tráfico SSL debidamente modificado. • http://securitytracker.com/id?1024347 http://www.securityfocus.com/bid/42580 https://bugzilla.redhat.com/show_bug.cgi?id=622928 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0628.html https://access.redhat.com/security/cve/CVE-2010-2811 •