4 matches found
CVE-2010-3585
Oracle VM 2.2.x ovs-agent exposed XML-RPC endpoints allowing authenticated remote users to trigger command execution as root, leading to potential full compromise of the Oracle VM Server and its guests. Public records indicate an XML-RPC exposure enabling function calls not aligned with intended ...
CVE-2010-3583
CVE-2010-3583 is tied to Oracle VM 2.2.1, where the Oracle VM Agent (ovs-agent) exposes functions via XML-RPC. A vulnerability exists in the ovs-agent channel that can allow an authenticated, remote attacker to execute arbitrary OS commands, impacting confidentiality, integrity, and availability ...
CVE-2010-3582
CVE-2010-3582 concerns Oracle VM 2.2.1, where an input validation flaw in the Oracle VM Server Agent’s XML-RPC processing (utl_test_url) enables a remote authenticated attacker to inject commands with root privileges, compromising confidentiality, integrity, and availability. The issue is specifi...
CVE-2010-3584
CVE-2010-3584 affects Oracle VM 2.2.1, specifically the ovs-agent component. The issue, described as a local privilege escalation, arises from how Oracle VM Agent stores authentication data in files with weak permissions, enabling a local user to affect confidentiality, integrity and availability...