220 matches found
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for RHEV-H and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization (CVE-2016-3642)
An insecure deserialization vulnerability has been reported in Solarwinds Virtualization Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for RHEV-H and Agents for RHEL-6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
The vulnerability of the SolarWinds Virtualization Manager software allows a hacker to execute arbitrary commands.
The vulnerability of the RMI component of the SolarWinds Virtualization Manager relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, using a specially crafted serialized Java object...
The vulnerability of the SolarWinds Virtualization Manager software allows a hacker to increase their privileges.
The vulnerability of the SolarWinds Virtualization Manager software is related to configuration errors. Exploiting this vulnerability can allow an attacker, operating locally, to gain increased privileges due to incorrect configuration of sudo...
SolarWinds Virtualization Manager Java Object Deserialization RCE
The remote SolarWinds Virtualization Manager server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a specially...
CVE-2016-5709
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack...
CVE-2016-5709
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack...
CVE-2016-5709
CVE-2016-5709 affects SolarWinds Virtualization Manager 6.3.1 and earlier. The root cause is weak encryption of passwords stored in /etc/shadow, enabling a local attacker with superuser privileges to brute-force and obtain user passwords. Documented impact is local, with partial confidentiality e...
Solarwinds Virtualization Manager Information Disclosure Vulnerability
Solarwinds Virtualization Manager is a suite of software from SolarWinds, Inc. that is used to manage and monitor virtualization products. The software provides capacity management, performance monitoring, and configuration management. A security vulnerability exists in Solarwinds Virtualization...
SolarWinds Virtualization Manager Privilege Gain Vulnerability
Solarwinds Virtualization Manager is a suite of software from SolarWinds, Inc. that is used to manage and monitor virtualization products. The software provides capacity management, performance monitoring and configuration management. A privilege acquisition vulnerability exists in SolarWinds...
CVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."...
CVE-2016-3642
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC library...
Design/Logic Flaw
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC library...
CVE-2016-3643
SolarWinds Virtualization Manager
CVE-2016-3642
Summary: CVE-2016-3642 affects SolarWinds Virtualization Manager; the RMI service (port 1099/TCP) can be exploited via a crafted serialized Java object to achieve remote code execution, due to insecure deserialization tied to Apache Commons Collections (ACC). The vulnerability is present in 6.3.1...
CVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."...
CVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by “sudo cat /etc/passwd.” Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
SolarWinds Virtualization Manager - Local Privilege Escalation
SolarWinds Virtualization Manager - Local Privilege Escalation Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Versions: 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th,...