19 matches found
Multiple RBAC issues in XAPI
ISSUE DESCRIPTION: XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-release/rbac-overview.html#rbac-roles The pool-admin role is fully privileged. Notably, users with this role can als...
EUVD-2015-1907
Malware in sbrugna...
RHEL 7 : ovirt-engine-backend (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ovirt-engine: connection does not validate certificate attributes. CVE-2014-3706 - Red Hat Enterprise...
Important: Red Hat Security Advisory: Red Hat Virtualization security and bug fix update
An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Important: Red Hat Security Advisory: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update
Updated host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : RHV-M (ovirt-engine) 4.4.z security, upd[ovirt-4.4.4] 0-day (Moderate) (RHSA-2021:0383)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0383 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and...
Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
An update for cockpit-ovirt, redhat-release-virtualization-host, redhat-virtualization-host, and v2v-conversion-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
CVE-2015-1780
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center...
Design/Logic Flaw
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center...
CVE-2015-1780
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center...
CVE-2015-1780
CVE-2015-1780 affects oVirt (notably ovirt-engine) where users holding MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center. The connected Nessus entries corroborate an unpatched exposure for this vulnerability, but the provided documents do not include patch versi...
CVE-2017-9045
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocksv4.json file...
Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Virtualization Manager 3.5.0-1 ASYNC
Red Hat Enterprise Virtualization Manager 3.5.0 is now available. Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualizati...
RHEL 6 : rhevm 3.1.2 (RHSA-2013:0211)
Updated rhevm packages that fix two security issues and various bugs are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...
CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot...
Moderate: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager 3.2 update
Red Hat Enterprise Virtualization Manager 3.2 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the...
CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors...
rhev-m: insufficient MoveDisk target domain permission checks
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors...
rhev-m: MoveDisk ignores the disk's wipe-after-delete property
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...