19 results (0.098 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

25 Feb 2020 — VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. VDSM y libvirt en Red Hat Enterprise Virtualization Hypervisor (también se conoce como RHEV-H) versiones 7-7.x anteriores a 7-7.2-20151119... • https://access.redhat.com/security/cve/cve-2015-5201 • CWE-306: Missing Authentication for Critical Function •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

09 Nov 2019 — In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-cont... • https://access.redhat.com/security/cve/cve-2009-3552 • CWE-295: Improper Certificate Validation •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

22 Aug 2017 — oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. oVirt Engine divulga ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD en un archivo /var/log/ovirt-engine/engine.log en RHEV en versiones anteriores a la 4.0. • http://www.securityfocus.com/bid/92345 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

22 Jan 2014 — The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server. El visor remoto en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a 3.3, cuando se utiliza un método de invocación de clientes SPICE nativos, inicialmente hace conexiones inseguras al servidor SPICE, lo cual permite a atacantes man-in-... • http://rhn.redhat.com/errata/RHSA-2014-0038.html • CWE-264: Permissions, Privileges, and Access Controls CWE-300: Channel Accessible by Non-Endpoint •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

11 Jun 2013 — Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. Red Hat Enterprise Virtualization Manager (RHEVM) anterior a 3.2, no maneja adecuadamente los permisos para el dominio de almacenamiento objetivo, lo que permite a atacantes provocar una denegación de servicio (consumo de espacio de disco) mediante el clonado de una máquina... • http://rhn.redhat.com/errata/RHSA-2013-0888.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

12 Mar 2013 — The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. La herramienta para la gestión de dominios (rhevm-manage-domains)Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, cuando la opción de validación está activada, registra la contraseña administ... • http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commit%3Bh=e8c72daec4efa8be0fcd8ea55c41e855ddd8eedf • CWE-255: Credentials Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

12 Mar 2013 — The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. El comando MoveDisk en Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, no valida adecuadamente los permisos en los dominios de almacenamiento, lo que permite a administradores de almacenamie... • http://rhn.redhat.com/errata/RHSA-2013-0211.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

04 Jan 2013 — Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se mueven discos entre dominios de almacenamiento, no efectúa de forma adecuada la eliminación segura (wipe) después de borrar, lo que evita que un disco no s... • http://rhn.redhat.com/errata/RHSA-2012-1506.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

04 Jan 2013 — Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. Múltiples vulnerabilidades de path de búsqueda no confiable en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, permite a usuario locales obtener privilegios a través de un fichero (1) deployUtil.py o (2) el mód... • http://rhn.redhat.com/errata/RHSA-2012-1506.html • CWE-377: Insecure Temporary File •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

04 Jan 2013 — The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. El vds_installer en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a v3.1, cuando se añade un host, usa el parámetro "-k curl" cuando se descarga deployUtil.py y vds_b... • http://rhn.redhat.com/errata/RHSA-2012-1505.html • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •