CVSS: 5.5EPSS: 0%CPEs: 71EXPL: 0CVE-2012-2690 – libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)
https://notcve.org/view.php?id=CVE-2012-2690
29 Jun 2012 — virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. virt-edit de libguestfs anteriores a 1.18.0 no conserva los permisos del archivo original y guarda el nuevo fichero con permisos de lectura para otros al editar, lo que puede permitir a usuarios locales inviados obtener información confidencial. • http://rhn.redhat.com/errata/RHSA-2012-0774.html • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2010-3851 – libguestfs: missing disk format specifier when adding a disk
https://notcve.org/view.php?id=CVE-2010-3851
04 Nov 2010 — libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier. libguestfs anterior a v1.5.23, que se utiliza en virt-V2V, virt-inspector v1.5.3 y anteriores, y posiblemente otros productos, cuando una imagen de disco sin formato se utiliza, permite a a... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •