CVE-2010-0430 – libspice: Insufficient guest provided memory mappings boundaries validations
https://notcve.org/view.php?id=CVE-2010-0430
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
References:
• http://rhn.redhat.com/errata/RHSA-2010-0271.html
• https://bugzilla.redhat.com/show_bug.cgi?id=568702
• https://rhn.redhat.com/errata/RHSA-2010-0476.html
• https://access.redhat.com/security/cve/CVE-2010-0430
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2223 – vdsm: missing VM post-zeroing after removal
https://notcve.org/view.php?id=CVE-2010-2223
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
References:
• http://securitytracker.com/id?1024137
• http://www.securityfocus.com/bid/41044
• https://bugzilla.redhat.com/show_bug.cgi?id=604752
• https://rhn.redhat.com/errata/RHSA-2010-0473.html
• https://rhn.redhat.com/errata/RHSA-2010-0476.html
• https://access.redhat.com/security/cve/CVE-2010-2223
CWE-264: Permissions, Privileges, and Access Controls