Vulnerabilities > Redhat > Enterprise Virtualization Manager > 2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-24 | CVE-2015-5293 | Improper Access Control vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | 4.3 |
2013-07-03 | CVE-2013-2144 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. | 5.0 |
2013-03-12 | CVE-2013-0168 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | 4.0 |
2013-01-04 | CVE-2012-5516 | Information Exposure vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | 2.1 |
2013-01-04 | CVE-2012-2696 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | 2.7 |
2013-01-04 | CVE-2011-4316 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | 3.7 |
2010-12-08 | CVE-2010-2793 | Race Condition vulnerability in Redhat Enterprise Virtualization Manager and Spice-Activex Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | 6.8 |
2010-06-24 | CVE-2010-2224 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager 2.1 The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | 2.1 |