36 matches found
EUVD-2009-3534
Malware in sbrugna...
EUVD-2010-2240
Malware in sbrugna...
EUVD-2012-5408
Malware in sbrugna...
CVE-2009-3552
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the...
Design/Logic Flaw
CVE-2009-3552
In RHEV-M VDC 2.2.0, SSL certificate validation was not performed when using the client-side Red Hat Enterprise Virtualization Manager interface (a WPF-based browser app) to connect to the manager. This allows a local-network attacker to conduct a man-in-the-middle attack, potentially fooling users ...
Design/Logic Flaw
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries...
CVE-2016-6338
The CVE-2016-6338 issue affects ovirt-engine-webadmin (used by Red Hat Enterprise Virtualization Manager, RHEV-M, and RHEV-M 4.0). Root cause: webadmin session timeouts not properly enforced, enabling bypass via UI-driven actions that trigger repeating queries. Impact: potential session hijack/by...
Authorization
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view...
CVE-2015-1841
CVE-2015-1841 affects Red Hat Enterprise Virtualization Manager (RHEV-M) Web Admin interface: an idle timeout bypass allows a local user to access the web interface after selecting a VM in the VM grid view. Root cause is the web admin’s timeout not logging out when a VM is selected. The vulnerabi...
CVE-2014-0200
The CVE-2014-0200 issue affects the Red Hat Enterprise Virtualization Manager’s rhevm-reports package prior to version 3.3.3-1. The root cause is world-readable permissions on the datasource configuration file js-jboss7-ds.xml, which can let a local user read sensitive information. Red Hat RHSA-2...
CVE-2013-6434
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server...
CVE-2013-6434
The CVE-2013-6434 issue affects Red Hat Enterprise Virtualization Manager (RHEV‑M) versions prior to 3.3, where the remote-viewer using a native SPICE client invocation initially makes insecure connections to the SPICE server. The underlying cause is how RHEV‑M relays SPICE connection information...
CVE-2013-4181
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecifi...
CVE-2013-4181
CVE-2013-4181 is a reflected cross-site scripting (XSS) vulnerability in the addAlert function of the RedirectServlet used by oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) in Red Hat Enterprise Virtualization 3 and 3.2. The issue allows an attacker to cause the user’s browse...
PT-2013-4889 · Ovirt +1 · Ovirt Engine +1
Name of the Vulnerable Software and Affected Versions: oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) versions 3 and 3.2. Description: A cross-site scripting (XSS) issue exists in the addAlert function within the RedirectServlet servlet. This allows remote attackers to inject...
Design/Logic Flaw
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file...
Denial of service
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors...