qemu-kvm-rhev is vulnerable to information disclosure attacks. The vulnerability exists as qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
git.qemu.org/?p=qemu.git;a=commit;h=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
osvdb.org/93032
rhn.redhat.com/errata/RHSA-2013-0791.html
rhn.redhat.com/errata/RHSA-2013-0896.html
secunia.com/advisories/53325
www.openwall.com/lists/oss-security/2013/05/06/5
www.securityfocus.com/bid/59675
www.securitytracker.com/id/1028521
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=956082
exchange.xforce.ibmcloud.com/vulnerabilities/84047
rhn.redhat.com/errata/RHSA-2013-0791.html