Vulnerabilities > Redhat > Enterprise Virtualization Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-08 | CVE-2010-2793 | Race Condition vulnerability in Redhat Enterprise Virtualization Manager and Spice-Activex Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | 6.8 |
2010-06-24 | CVE-2010-2224 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager 2.1 The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | 2.1 |