CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5201
https://notcve.org/view.php?id=CVE-2015-5201
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. VDSM y libvirt en Red Hat Enterprise Virtualization Hypervisor (también se conoce como RHEV-H) versiones 7-7.x anteriores a 7-7.2-20151119.0 y versiones 6-6.x anteriores a 6-6.7-20151117.0, como es paquetizado en Red Hat Enterprise Virtualization versiones anteriores a 3.5.6, cuando VSDM se ejecuta con -spice disable-ticketing y una VM es suspendida y luego restaurada, permite a atacantes remotos iniciar sesión sin autenticación por medio de vectores no especificados. • https://access.redhat.com/security/cve/cve-2015-5201 https://bugzilla.redhat.com/show_bug.cgi?id=1253882 https://bugzilla.redhat.com/show_bug.cgi?id=1273144 https://rhn.redhat.com/errata/RHEA-2015-2527.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0877
https://notcve.org/view.php?id=CVE-2012-0877
PyXML: Hash table collisions CPU usage Denial of Service PyXML: la CPU de colisiones de tablas hash usa una Denegación de Servicio • http://seclists.org/oss-sec/2014/q3/96 http://www.openwall.com/lists/oss-security/2014/07/08/11 https://access.redhat.com/security/cve/cve-2012-0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877 https://security-tracker.debian.org/tracker/CVE-2012-0877 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0430 – libspice: Insufficient guest provided memory mappings boundaries validations
https://notcve.org/view.php?id=CVE-2010-0430
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings. libspice, como es utilizada en QUEMU-KVM en Red Hat Enterprise Virtualization Hypervisor (también conocido como RHEV-H o rhev-hypervisor) anteriores a 5.5-2.2 y posiblemente otros productos, permite a usuarios de SO invitados leer o escribir de memoria QEMU arbitraria modificando la dirección que es utilizada por Cairo para mapeados de memoria. • http://rhn.redhat.com/errata/RHSA-2010-0271.html https://bugzilla.redhat.com/show_bug.cgi?id=568702 https://rhn.redhat.com/errata/RHSA-2010-0476.html https://access.redhat.com/security/cve/CVE-2010-0430 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1576 – kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
https://notcve.org/view.php?id=CVE-2011-1576
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. Vulnerabilidad en la implementación de Generic Receive Offload (GRO) en el kernel de Linux versión 2.6.18 en Red Hat Enterprise Linux versiones 5 y 2.6.32 en Red Hat Enterprise Linux versión 6, tal y como se utiliza en el Hypervisor Red Hat Enterprise Virtualization (RHEV) y otros productos, permite a los atacantes remotos generar un denegación de servicio mediante paquetes VLAN creados que son procesados por la función napi_reuse_skb, lo que conduce a (1) una fuga de memoria o (2) daños en la memoria, una vulnerabilidad diferente a CVE-2011-1478. • http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.redhat.com/support/errata/RHSA-2011-1090.html http://www.redhat.com/support/errata/RHSA-2011-1106.html http://www.securityfocus.com/bid/48907 http://www.securitytracker.com/id?1025853 https://bugzilla.redhat.com/show_bug.cgi?id=695173 https://access.redhat.com/security/cve/CVE-2011-1576 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2223 – vdsm: missing VM post-zeroing after removal
https://notcve.org/view.php?id=CVE-2010-2223
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. Virtual Desktop Server Manager (VDSM) en Red Hat Enterprise Virtualization Hypervisor (conocido como RHEV-H or rhev-hypervisor) anterior v5.5-2.2 no actúa adecuadamente después del borrado de los datos de una máquina virtual, lo que permite a usuarios invitados obtener información sensible por examinación de bloques de discos asociados con una máquina virtual borrada. • http://securitytracker.com/id?1024137 http://www.securityfocus.com/bid/41044 https://bugzilla.redhat.com/show_bug.cgi?id=604752 https://rhn.redhat.com/errata/RHSA-2010-0473.html https://rhn.redhat.com/errata/RHSA-2010-0476.html https://access.redhat.com/security/cve/CVE-2010-2223 • CWE-264: Permissions, Privileges, and Access Controls •