EUVD-2016-5432

Malware in sbrugna...

EUVD-2015-7459

Malware in sbrugna...

RHEL 6 : Virtualization (RHSA-2018:1688) (Spectre)

An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 6 : Virtualization (RHSA-2018:1689) (Spectre)

An update for rhevm-setup-plugins is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2015-7544

CVE-2015-7544 affects the redhat-support-plugin-rhev component in Red Hat Enterprise Virtualization Manager (RHEV Manager). The root cause is that the log viewer passed a user-specified path/filename directly to the command line, enabling remote authenticated users with the SuperUser role on any ...

CVE-2016-4443

The CVE-2016-4443 issue affects Red Hat Virtualization Manager (RHEV/RHV) 3.6. A local attacker could read the engine-setup log file and obtain sensitive data, including encryption keys and certificates, due to improper logging of setup results. The root cause is leakage of confidential informati...

RHEL 6 : Virtualization Manager (RHSA-2016:1929)

An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2016-4443

A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates which could then be used to steal other sensitive information such as passwords...

Directory traversal

Red Hat Enterprise Virtualization RHEV Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory...

CVE-2015-0257

CVE-2015-0257 affects Red Hat Enterprise Virtualization (RHEV) Manager (3.5.0 prior to 3.5.1). The vulnerability arises from weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, enabling a local user to read files in the directory and po...

CVE-2010-2793

CVE-2010-2793 describes a race-condition in the SPICE plug-in for Internet Explorer used by Red Hat Enterprise Virtualization Manager (RHEV) prior to 2.2.4. The flaw lets a local attacker potentially gain privileges by exploiting knowledge of a specific named pipe and using ImpersonateNamedPipeCl...