7 results (0.010 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

24 Aug 2017 — Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. Red Hat Enterprise Virtualization Manager 3.6 y anteriores entrega direcciones SLAAC IPv6 válidas a interfaces cuando "boot protocol" se establece como None. Esto podría permitir que atacantes remotos se comuniquen con un sistema diseñado para ser inalcanzable. • https://access.redhat.com/security/cve/CVE-2015-5293 • CWE-284: Improper Access Control •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

10 Mar 2016 — redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. redhat-support-plugin-rhev en Red Hat Enterprise Virtualization Manager (también llamado RHEV Manager) en versiones anteriores a la 3.6 permite que los usuarios autenticados remotos con el papel de SuperUser en cualquier entidad ejecuten código arbitrario en cualquier ho... • https://bugzilla.redhat.com/show_bug.cgi?id=1269588 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

28 Apr 2015 — Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. Red Hat Enterprise Virtualization (RHEV) Manager anterior a 3.5.1 ignora el permiso para denegar la creación de instantáneas durante la migración del almacenaje en vivo entre dominios, lo que permite a usuarios remotos autenticad... • http://rhn.redhat.com/errata/RHSA-2015-0888.html • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

28 Apr 2015 — Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. Red Hat Enterprise Virtualization (RHEV) Manager anterior a 3.5.1 utiliza permisos débiles en los directorios compartidos por el servicio ovirt-engine-dwhd y un plugin durante el inicio del servicio, lo que permite a usuarios locales obtene... • http://rhn.redhat.com/errata/RHSA-2015-0888.html • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 10.0EPSS: 89%CPEs: 345EXPL: 23

25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •

CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 136

24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

04 Sep 2014 — The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue. El módulo de backend oVirt Engine, como el utilizado en Red Hat Enterprise Virtualization Manager anterior a 3.4.2, utiliza una 'DocumentBuilderFactory insegura', lo que permite a atacantes rem... • http://rhn.redhat.com/errata/RHSA-2014-1161.html • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •