CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5201
https://notcve.org/view.php?id=CVE-2015-5201
25 Feb 2020 — VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. VDSM y libvirt en Red Hat Enterprise Virtualization Hypervisor (también se conoce como RHEV-H) versiones 7-7.x anteriores a 7-7.2-20151119... • https://access.redhat.com/security/cve/cve-2015-5201 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6310
https://notcve.org/view.php?id=CVE-2016-6310
22 Aug 2017 — oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. oVirt Engine divulga ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD en un archivo /var/log/ovirt-engine/engine.log en RHEV en versiones anteriores a la 4.0. • http://www.securityfocus.com/bid/92345 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
18 May 2017 — Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese c... • http://www.securityfocus.com/bid/98492 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3710 – qemu: incorrect banked access bounds checking in vga module
https://notcve.org/view.php?id=CVE-2016-3710
09 May 2016 — The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de ac... • http://rhn.redhat.com/errata/RHSA-2016-0724.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4181 – ovirt-engine: RedirectServlet cross-site scripting flaw
https://notcve.org/view.php?id=CVE-2013-4181
10 Sep 2013 — Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la función addAlert en RedirectServlet servlet en oVirt Engine y Red Hat Enterprise Virtualization Manager (RHEV-M), utilizado en Red Hat Enterprise Virtualization 3 y 3.2, perm... • http://rhn.redhat.com/errata/RHSA-2013-1210.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4236 – vdsm: incomplete fix for CVE-2013-0167 issue
https://notcve.org/view.php?id=CVE-2013-4236
13 Aug 2013 — VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. VDSM en Red Hat Enterprise Virtualization 3 y 3.2, permite a a usuarios con provilegios en la máquina "invitada" provocar que el host no "esté disponible para el servidor de gestión" a través de carácteres XML no válidos en una respuesta. NOTA: e... • http://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=5fe1615b7949999fc9abd896bde63bf24f8431d6 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2176 – rhev-m: rhev-apt service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2176
01 Aug 2013 — Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. Vulnerabilidad de búsqueda de ruta sin entrecomillar en Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) en el paquete hev-guest-tools-iso 3.2, permite a usuarios locales elevar sus privilegios a través de una aplicación del tipo "troyano". The rhev-g... • http://rhn.redhat.com/errata/RHSA-2013-1122.html • CWE-399: Resource Management Errors CWE-428: Unquoted Search Path or Element •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2151 – rhevm: rhev agent service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2151
11 Jun 2013 — Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. Vulnerabilidad de ruta de búsqueda en Windows sin comillas de Red Hat Enterprise Virtualization (RHEV) 3 y 3.2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada en una carpeta sin especificar. The rhev-guest-tools-iso package contains tools and drivers. These tools and drivers are required... • http://rhn.redhat.com/errata/RHSA-2013-0925.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2152 – rhevm: spice service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2152
11 Jun 2013 — Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. Vulnerabilidad de ruta de búsqueda en Windows sin comillas en el servicio SPICE, tal como se usa en Red Hat Enterprise Virtualization (RHEV) 3.2, permite a usuarios locales obtener privilegios a través de una aplicación manipulada en una carpeta sin especificar. The rhev-guest-tools-iso package cont... • http://rhn.redhat.com/errata/RHSA-2013-0924.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0167 – vdsm: unfiltered guestInfo dictionary DoS
https://notcve.org/view.php?id=CVE-2013-0167
11 Jun 2013 — VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." VDSM en Red Hat Enterprise Virtualization 3 y 3.2, permite a usuarios invitados con privilegios provocar que la maquina anfitriona "no esté disponible para el servidor de gestión" a través de diccionarios "guestInfo" con "campos inesperados". The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualiz... • https://bugzilla.redhat.com/show_bug.cgi?id=893332 •