Lucene search

Red Hat Enterprise Virtualization Manager

5 matches found

CVE
added 2013/01/04 10:55 p.m., 46 views

CVE-2012-0861

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code v...

6.8 CVSS, 7.5 AI score, 0.0055 EPSS

CVE
added 2013/01/04 10:55 p.m., 43 views

CVE-2012-0860

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.

6.2 CVSS, 6.7 AI score, 0.00054 EPSS

CVE
added 2013/01/04 10:55 p.m., 40 views

CVE-2011-4316

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.

3.7 CVSS, 6.6 AI score, 0.00061 EPSS

CVE
added 2013/01/04 10:55 p.m., 40 views

CVE-2012-2696

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

2.7 CVSS, 6.3 AI score, 0.00143 EPSS

CVE
added 2013/01/04 10:55 p.m., 33 views

CVE-2012-5516

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.

2.1 CVSS, 6 AI score, 0.00068 EPSS