Lucene search
K

220 matches found

CVE
CVE
added 2013/01/04 10:0 p.m.61 views

CVE-2012-0860

Concrete details found: CVE-2012-0860 affects Red Hat Enterprise Virtualization Manager (RHEV-M) up to version 3.1. The root cause is that Python configuration scripts (deployUtil.py or vds_bootstrap.py) stored in /tmp/ could be pre-created by a local unprivileged user during host addition, allow...

6.2CVSS6.7AI score0.004EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2013/01/04 10:0 p.m.64 views

CVE-2012-0861

The CVE-2012-0861 issue affects Red Hat Enterprise Virtualization Manager (RHEV-M) prior to version 3.1. During host addition, the vds_installer downloads deployUtil.py and vds_bootstrap.py with curl -k, skipping SSL certificate validation. This MITM condition lets an attacker on the local networ...

6.8CVSS7.5AI score0.00895EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2013/01/04 12:0 a.m.4 views

PT-2013-1518 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M versions prior to 3.1 Description: The issue allows local users to gain privileges via a Trojan horse Python module, specifically deployUtil.py or vds bootstrap.py, in the /tmp/ directory when...

6.2CVSS6.2AI score0.004EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2013/01/04 12:0 a.m.4 views

PT-2013-1519 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M versions prior to 3.1 Description: The issue concerns the use of the -k curl parameter by the vds installer when adding a host, which prevents SSL certificates from being validated. This allows...

6.8CVSS7.1AI score0.00895EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2012/12/04 6:52 p.m.4 views

rhev: vds_installer is prone to MITM when downloading 2nd stage installer

The vdsinstaller in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vdsbootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...

6.8CVSS6.2AI score0.00895EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/04 6:52 p.m.2 views

SPICE screen locking race condition

Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors...

3.7CVSS5.8AI score0.00332EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/04 6:52 p.m.4 views

rhev-m: MoveDisk ignores the disk's wipe-after-delete property

Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...

2.1CVSS5.8AI score0.00352EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/04 6:52 p.m.2 views

rhev: vds_installer insecure /tmp use

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse 1 deployUtil.py or 2 vdsbootstrap.py Python module in /tmp/...

6.2CVSS5.8AI score0.004EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/04 6:44 p.m.4 views

rhev: vds_installer is prone to MITM when downloading 2nd stage installer

The vdsinstaller in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vdsbootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...

6.8CVSS6.2AI score0.00895EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/04 6:44 p.m.6 views

rhev: vds_installer insecure /tmp use

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse 1 deployUtil.py or 2 vdsbootstrap.py Python module in /tmp/...

6.2CVSS5.8AI score0.004EPSS
Exploits0References4
NVD
NVD
added 2011/05/20 10:55 p.m.18 views

CVE-2011-2163

Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors...

9.3CVSS6.4AI score0.01681EPSS
Exploits0References3
Prion
Prion
added 2011/05/20 10:55 p.m.13 views

Security feature bypass

Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors...

9.3CVSS6.9AI score0.01681EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.16 views

CVE-2011-2163

Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors...

6.4AI score0.01681EPSS
Exploits0References3
CVE
CVE
added 2011/05/20 10:0 p.m.36 views

CVE-2011-2163

Technical details about CVE-2011-2163 are not publicly available in the provided documents. Monitor for updates from official advisories.

9.3CVSS6.5AI score0.01681EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2010/12/08 6:0 p.m.15 views

Race condition

Race condition in the SPICE aka spice-activex plug-in for Internet Explorer in Red Hat Enterprise Virtualization RHEV Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in...

6.8CVSS6.8AI score0.01038EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2010/12/08 5:0 p.m.21 views

CVE-2010-2793

Race condition in the SPICE aka spice-activex plug-in for Internet Explorer in Red Hat Enterprise Virtualization RHEV Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in...

6.4AI score0.01038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/12/06 6:55 p.m.6 views

Important: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager security update

Red Hat Enterprise Virtualization Manager 2.2.4 is now available for Red Hat Enterprise Virtualization. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.8CVSS5.8AI score0.01038EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2010/08/19 9:38 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager security update

Red Hat Enterprise Virtualization Manager 2.2.2 is now available for Red Hat Enterprise Virtualization. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

3.1CVSS5.9AI score0.00353EPSS
Exploits0References3
CVE
CVE
added 2010/06/24 5:0 p.m.45 views

CVE-2010-2224

CVE-2010-2224 affects Red Hat Enterprise Virtualization Manager (RHEV-M) prior to version 2.2. The issue is that the snapshot merging function does not properly pass the postzero parameter during operations on deleted volumes, which can allow a guest OS to read (inspecting) disk blocks belonging ...

2.1CVSS6.1AI score0.00327EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2010/06/22 1:47 p.m.11 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager security update

Red Hat Enterprise Virtualization Manager 2.2 is now available for Red Hat Enterprise Virtualization. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.9AI score0.87264EPSS
Exploits42References3
Rows per page
Query Builder