EUVD-2010-2240
Malware in sbrugna...
EUVD-2009-3534
Malware in sbrugna...
EUVD-2012-5408
Malware in sbrugna...
CVE-2009-3552
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the...
Design/Logic Flaw
CVE-2009-3552
In RHEV-M VDC 2.2.0, SSL certificate validation was not performed when using the client-side Red Hat Enterprise Virtualization Manager interface (a WPF-based browser app) to connect to the manager. This allows a local-network attacker to conduct a man-in-the-middle attack, potentially fooling users ...
CVE-2016-6338
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries...
Design/Logic Flaw
CVE-2016-6338
The CVE-2016-6338 issue affects ovirt-engine-webadmin (used by Red Hat Enterprise Virtualization Manager, RHEV-M, and RHEV-M 4.0). Root cause: webadmin session timeouts not properly enforced, enabling bypass via UI-driven actions that trigger repeating queries. Impact: potential session hijack/by...
Authorization
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view...
CVE-2015-1841
CVE-2015-1841 affects Red Hat Enterprise Virtualization Manager (RHEV-M) Web Admin interface: an idle timeout bypass allows a local user to access the web interface after selecting a VM in the VM grid view. Root cause is the web admin’s timeout not logging out when a VM is selected. The vulnerabi...
CVE-2014-0200
The CVE-2014-0200 issue affects the Red Hat Enterprise Virtualization Manager’s rhevm-reports package prior to version 3.3.3-1. The root cause is world-readable permissions on the datasource configuration file js-jboss7-ds.xml, which can let a local user read sensitive information. Red Hat RHSA-2...
CVE-2013-6434
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server...
CVE-2013-6434
The CVE-2013-6434 issue affects Red Hat Enterprise Virtualization Manager (RHEV‑M) versions prior to 3.3, where the remote-viewer using a native SPICE client invocation initially makes insecure connections to the SPICE server. The underlying cause is how RHEV‑M relays SPICE connection information...
CVE-2013-4181
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecifi...
CVE-2013-4181
CVE-2013-4181 is a reflected cross-site scripting (XSS) vulnerability in the addAlert function of the RedirectServlet used by oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) in Red Hat Enterprise Virtualization 3 and 3.2. The issue allows an attacker to cause the user’s browse...
PT-2013-4889 · Ovirt +1 · Ovirt Engine +1
Name of the Vulnerable Software and Affected Versions: oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) versions 3 and 3.2
Description: A cross-site scripting (XSS) issue exists in the addAlert function within the RedirectServlet servlet. This allows remote attackers to inject...
Denial of service
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors...
Design/Logic Flaw
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file...