4 matches found
openstack-cinder: Data retained after deletion of a ScaleIO volume
An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...
Design/Logic Flaw
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager aka RHEV-M before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a...
CVE-2010-2224
CVE-2010-2224 affects Red Hat Enterprise Virtualization Manager (RHEV-M) prior to version 2.2. The issue is that the snapshot merging function does not properly pass the postzero parameter during operations on deleted volumes, which can allow a guest OS to read (inspecting) disk blocks belonging ...
CVE-2010-2224
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager aka RHEV-M before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a...