CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0861 – rhev: vds_installer is prone to MITM when downloading 2nd stage installer
https://notcve.org/view.php?id=CVE-2012-0861
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. El vds_installer en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, usa el parámetro "-k curl" cuando se descarga deployUtil.py y vds_bootstrap.py, lo que evita que los certificados SSL seran validados y permite a atacantes remotos a ejecutar código Python a través de un ataque "Man in the Middle". • http://rhn.redhat.com/errata/RHSA-2012-1505.html http://rhn.redhat.com/errata/RHSA-2012-1506.html http://rhn.redhat.com/errata/RHSA-2012-1508.html http://www.securityfocus.com/bid/56825 http://www.securitytracker.com/id?1027838 https://exchange.xforce.ibmcloud.com/vulnerabilities/80544 https://access.redhat.com/security/cve/CVE-2012-0861 https://bugzilla.redhat.com/show_bug.cgi?id=790754 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-2793 – spice activex/spicec named pipe races
https://notcve.org/view.php?id=CVE-2010-2793
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. Condición de carrera en el plug-in SPICE (también conocido como spice-activex) para Internet Explorer en Red Hat Enterprise Virtualization (RHEV) Manager, en versiones anteriores a la 2.2.4, permite a usuarios locales crear una cierta tubería (pipe), y obtener privilegios, mediante vectores involucrados en el conocimiento del nombre de esta tubería junto con el uso de la función ImpersonateNamedPipeClient. • http://securitytracker.com/id?1024825 http://www.securityfocus.com/bid/45213 https://bugzilla.redhat.com/show_bug.cgi?id=620355 https://rhn.redhat.com/errata/RHSA-2010-0818.html https://access.redhat.com/security/cve/CVE-2010-2793 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2224 – rhev-m: merge snapshot does not pass postzero parameter for deleted volumes
https://notcve.org/view.php?id=CVE-2010-2224
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. La funcionalidad snapshot merging en Red Hat Enterprise Virtualization Manager (conocido como RHEV-M) anterior v2.2 no pasa adecuadamente el parámetro prostzero durante las operaciones en el borrado de volúmenes, lo que permite a usarios invitados OS obtener información sensible por examinación de los bloques de discos asociados con una maquina virtual borrada. • http://www.securityfocus.com/bid/41045 https://bugzilla.redhat.com/show_bug.cgi?id=606774 https://rhn.redhat.com/errata/RHSA-2010-0478.html https://access.redhat.com/security/cve/CVE-2010-2224 • CWE-264: Permissions, Privileges, and Access Controls •