Lucene search
K

4 matches found

CVE
CVE
added 2010/10/14 5:0 p.m.71 views

CVE-2010-3585

Oracle VM 2.2.x ovs-agent exposed XML-RPC endpoints allowing authenticated remote users to trigger command execution as root, leading to potential full compromise of the Oracle VM Server and its guests. Public records indicate an XML-RPC exposure enabling function calls not aligned with intended ...

9CVSS5.3AI score0.52706EPSS
Web
CVE
CVE
added 2010/10/14 5:0 p.m.58 views

CVE-2010-3583

CVE-2010-3583 is tied to Oracle VM 2.2.1, where the Oracle VM Agent (ovs-agent) exposes functions via XML-RPC. A vulnerability exists in the ovs-agent channel that can allow an authenticated, remote attacker to execute arbitrary OS commands, impacting confidentiality, integrity, and availability ...

9CVSS5.8AI score0.04862EPSS
CVE
CVE
added 2010/10/14 5:0 p.m.52 views

CVE-2010-3582

CVE-2010-3582 concerns Oracle VM 2.2.1, where an input validation flaw in the Oracle VM Server Agent’s XML-RPC processing (utl_test_url) enables a remote authenticated attacker to inject commands with root privileges, compromising confidentiality, integrity, and availability. The issue is specifi...

9CVSS5.5AI score0.02381EPSS
CVE
CVE
added 2010/10/14 5:0 p.m.50 views

CVE-2010-3584

CVE-2010-3584 affects Oracle VM 2.2.1, specifically the ovs-agent component. The issue, described as a local privilege escalation, arises from how Oracle VM Agent stores authentication data in files with weak permissions, enabling a local user to affect confidentiality, integrity and availability...

4.3CVSS5.5AI score0.0037EPSS